CN113886584A - Information detection method, device and equipment for application program - Google Patents

Publication number
CN113886584A
Authority
CN
China
Prior art keywords
information
privacy policy
standard
application program
identified
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202111165804.3A
Other languages
Chinese (zh)
Inventor
王德胜
刘佳伟
刘新源
张谦
贾茜
章鹏
王心刚
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Alipay Hangzhou Information Technology Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd
Priority to CN202111165804.3A
Publication of CN113886584A
Legal status: Pending

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00 Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/30 Information retrieval; Database structures therefor; File system structures therefor of unstructured textual data
    • G06F16/35 Clustering; Classification
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00 Handling natural language data
    • G06F40/20 Natural language analysis
    • G06F40/279 Recognition of textual entities
    • G06F40/289 Phrasal analysis, e.g. finite state techniques or chunking
    • G06F40/295 Named entity recognition
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q10/00 Administration; Management
    • G06Q10/06 Resources, workflows, human or project management; Enterprise or organisation planning; Enterprise or organisation modelling
    • G06Q10/063 Operations research, analysis or management
    • G06Q10/0635 Risk analysis of enterprise or organisation activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06Q INFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q40/00 Finance; Insurance; Tax strategies; Processing of corporate or income taxes
    • G06Q40/02 Banking, e.g. interest calculation or account maintenance

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Human Resources & Organizations (AREA)
  • Economics (AREA)
  • Strategic Management (AREA)
  • General Engineering & Computer Science (AREA)
  • General Business, Economics & Management (AREA)
  • Accounting & Taxation (AREA)
  • Finance (AREA)
  • Development Economics (AREA)
  • Marketing (AREA)
  • Entrepreneurship & Innovation (AREA)
  • Technology Law (AREA)
  • Databases & Information Systems (AREA)
  • Educational Administration (AREA)
  • Data Mining & Analysis (AREA)
  • Game Theory and Decision Science (AREA)
  • Operations Research (AREA)
  • Quality & Reliability (AREA)
  • Tourism & Hospitality (AREA)
  • Health & Medical Sciences (AREA)
  • Artificial Intelligence (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Computational Linguistics (AREA)
  • General Health & Medical Sciences (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The embodiment of the specification discloses an information detection method, device and equipment of an application program, wherein the method comprises the following steps: acquiring a privacy policy text of an application program to be identified; inputting a privacy policy text into a trained recognition model to obtain first information which is required to be obtained by an application program to be recognized and is represented in the privacy policy text; determining second information which needs to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; acquiring standard information which is allowed to be acquired by an application program to be identified; detecting whether the first information is consistent with the standard information or not to obtain a first detection result; detecting whether the second information is consistent with the standard information or not to obtain a second detection result; and generating compliance detection information according to the first detection result and the second detection result.

Description

Information detection method, device and equipment for application program
Technical Field
The present application relates to the field of compliance and supervision technologies, and in particular, to a method, an apparatus, and a device for detecting information of an application.
Background
Compliance risk is widely present in various aspects of financial institution business and management, and in the internet industry, compliance risk may refer to a risk resulting from failure to keep consistent with national laws, regulations, policies, and industry paradigms or service level agreements during operation or internal management of an enterprise.
Currently, with the rapid development of internet technology, the number of APPs exceeds 5 million. Although APPs bring great convenience to people's lives, the problem of APPs illegally collecting and using personal information is increasingly prominent. Illegal collection of personal information easily leads to large-scale data leakage events, with great impact on personal property safety and social stability. To ensure the healthy operation of the internet industry, the relevant regulatory agencies are paying more attention to compliance management and control of mobile internet applications (APPs), and user information security has gradually become a focus of public concern.
Therefore, it is desirable to provide an information detection method for an application program, so that an APP operator can check the compliance of an APP and ensure that the released APP conforms to the relevant legal and regulatory provisions.
Disclosure of Invention
The information detection method, device and equipment of the application program provided by the embodiment of the specification are used for automatically carrying out compliance detection on the APP.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
an information detection method for an application provided in an embodiment of the present specification includes:
acquiring a privacy policy text of an application program to be identified;
inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified;
determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified;
acquiring standard information which is allowed to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified;
detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and generating compliance detection information according to the first detection result and the second detection result.
An information detection apparatus for an application provided in an embodiment of the present specification includes:
the privacy policy text acquisition module is used for acquiring the privacy policy text of the application program to be identified;
the first information determining module is used for inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified;
the second information determining module is used for determining second information which needs to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified;
the standard information acquisition module is used for acquiring standard information which is allowed to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified;
the first detection module is used for detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
the second detection module is used for detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and the compliance detection information generating module is used for generating compliance detection information according to the first detection result and the second detection result.
An information detection device for an application provided in an embodiment of the present specification includes:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a privacy policy text of an application program to be identified;
inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified;
determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified;
acquiring standard information which is allowed to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified;
detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and generating compliance detection information according to the first detection result and the second detection result.
The embodiment of the specification provides a computer readable medium, on which computer readable instructions are stored, and the computer readable instructions can be executed by a processor to realize an information detection method of an application program.
One embodiment of the present description achieves the following advantageous effects: obtaining a privacy policy text of an application program to be identified; inputting the privacy policy text into a trained recognition model to obtain first information which is required to be obtained by the application program to be identified and is represented in the privacy policy text; determining second information which needs to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; acquiring standard information which is allowed to be acquired by the application program to be identified; detecting whether the first information is consistent with the standard information to obtain a first detection result; detecting whether the second information is consistent with the standard information to obtain a second detection result; and generating compliance detection information according to the first detection result and the second detection result. With this method, conflicts among the standard file, the APP privacy policy text and the APP source code regarding user personal information and device permission information can be detected automatically, and compliance detection information is generated for the user based on the detection results. This guides the APP operator to carry out self-inspection and take precautions in advance, avoiding the risk that the APP is taken off the shelves for non-compliance after release.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art are briefly described below. The drawings in the following description are only some of the embodiments described in the present application; those skilled in the art can obtain other drawings from them without any creative effort.
Fig. 1 is a schematic view of a scene of an information detection method of an application provided in an embodiment of the present specification;
Fig. 2 is a flowchart of an information detection method of an application according to an embodiment of the present disclosure;
Fig. 3 is a first schematic interface diagram of compliance detection information generated by embodiments of the present disclosure;
Fig. 4 is a second schematic interface diagram of compliance detection information generated by an embodiment of the present disclosure;
Fig. 5 is a schematic structural diagram of an information detection apparatus of an application according to an embodiment of the present disclosure;
Fig. 6 is a schematic structural diagram of an information detection device of an application provided in an embodiment of this specification.
Detailed Description
To make the objects, technical solutions and advantages of one or more embodiments of the present disclosure more apparent, the technical solutions of one or more embodiments of the present disclosure will be described in detail and completely with reference to the specific embodiments of the present disclosure and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of the present specification, and not all embodiments. All other embodiments that can be derived by a person skilled in the art from the embodiments given herein without making any creative effort fall within the scope of protection of one or more embodiments of the present specification.
"Compliance risk" refers to the risk that a bank may suffer legal sanctions or regulatory penalties, or significant financial or reputational loss, because it fails to comply with laws and regulations, regulatory requirements, rules, relevant guidelines set by self-regulatory organizations, or codes of conduct applicable to the bank's own business activities. Compliance risk is widely present in various aspects of financial institution business and management, and in the internet industry, compliance risk may refer to a risk resulting from failure to keep consistent with national laws, regulations, policies, and industry paradigms or service level agreements during operation or internal management of an enterprise.
A large number of mobile APPs are in use, involving private and sensitive information. In the processing, sharing, transfer and disclosure of personal information, security incidents that leak personal information occur again and again because management processes and technical means are not standardized.
In recent years, user information security has become a focus of public concern, and the protection of personal information and data is an important component of the internet governance system and important to establishing good order on the internet. With the popularization of smart phones, the number of mobile internet applications (APPs) currently exceeds 5 million. Although APPs bring great convenience to people's lives, the problem of APPs illegally collecting and using personal information is increasingly prominent. For example, system permissions of the user's smart phone (such as the recording permission, address book permission, camera permission and GPS permission) are invoked arbitrarily, sensitive personal information such as the user's identity card number, bank account number and movement track is collected, and some APPs collect user information that has no relation to the functions the APP provides. Large-scale illegal collection of personal information easily leads to large-scale data leakage events, with great impact on personal property safety and social stability.
To correct the disorder of illegal collection of personal information by APPs, the national regulatory departments have successively issued the Information Security Technology - Basic Specification for Collecting Personal Information in Mobile Internet Applications (App). It specifies the minimum necessary information that may be collected by 30 common service types, such as map navigation, online ride-hailing, instant messaging, online communities, online payment, news, and online shopping. If an APP excessively collects the user's address book, facial recognition information, location information and the like, it does not meet the corresponding requirements of the regulatory department. The regulatory department may summon the person in charge of the APP operating enterprise for talks about problems such as unreasonable permission requests and excessive collection, and may even order the APP to be taken off the shelves. Therefore, it is very necessary for the operator of an APP to perform a compliance self-check on the developed APP.
Generally, the privacy policy terms of an APP are mostly written by legal professionals, while the code of the APP is written by professional program developers. Because of these different professional roles and different domain knowledge, the national legal regulations, the privacy policy terms of the APP and the code actually executed by the APP are often inconsistent, or even in direct conflict, in how they express and carry out the collection of certain data items. For example, during actual execution the APP obtains the user's address book records by using the address book permission, but this is not stated in the privacy policy terms of the APP, or it directly conflicts with the national legal standard. In particular, when national legal regulations are violated, the APP may face the risk of rectification, public notification or even removal from the shelves, which directly affects the provision of the APP service or directly causes economic loss. Such inconsistencies arise often because an APP is usually updated periodically.
In order to overcome the above defects, the information detection method for the application program provided in the embodiment of the present specification can solve the problem of consistency between the legal specification, the terms of the APP privacy policy, and the code actually executed by the APP with respect to data acquisition expression and behavior.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
Fig. 1 is a scene schematic diagram of an information detection method of an application program according to an embodiment of the present specification. As shown in fig. 1, when there is an APP to be identified, a privacy policy text 102, an APP source code 103, and a standard file 104 corresponding to the APP may be input into an automatic detection system 101, and the automatic detection system 101 may automatically detect compliance of an application program to be identified according to the privacy policy text 102, the APP source code 103, and the standard file 104 corresponding to the APP, and generate compliance detection information corresponding to the APP to be identified.
Next, a risk quantification method based on a risk representation provided in an embodiment of the specification will be specifically described with reference to the accompanying drawings:
Fig. 2 is a flowchart of an information detection method of an application according to an embodiment of the present disclosure. From the viewpoint of a program, the execution subject of the flow may be a program installed in an application server or an application client. The execution subject in the embodiment of the present specification may be an automatic detection system in a self-checking supervision device inside an enterprise, or may be a server inside a platform for automatically monitoring the compliance risk of the platform.
As shown in fig. 2, the process may include the following steps:
Step 210: acquiring the privacy policy text of the application program to be identified.
Note that the privacy policy text in this step may refer to the privacy policy text of any of various application programs (APPs). The privacy policy of an APP may also be referred to as a user privacy agreement, a user privacy policy, a privacy policy, and the like. Generally, when a user registers with an APP or uses a service the APP provides, the APP operator displays the privacy policy text to the user and declares in it the range of user information collected and the corresponding rights and obligations. For example, the privacy policy text may state the user personal information and device permission information to be collected, the APP product definition, the APP function information, information on how the APP safeguards and collects user information, the rights and obligations of the user, and the like.
The APP is generally installed and operated on the mobile intelligent terminal. The intelligent mobile terminal can be provided with an open operating system, can realize internet access by using a wireless mobile communication technology, and is a terminal product for providing services for users by downloading and installing application software and digital contents.
The application to be identified in the above step may be an APP newly developed by an APP operator, or an APP after a version update. In practical application, after developing an APP or updating the version of an existing APP, the operator of the APP needs to detect whether the newly developed or updated APP is compliant, and releases it for users only after it is found compliant. This avoids the risk of being ordered off the shelves or penalized because a released APP is not compliant.
Step 220: inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified.
It should be noted that the recognition model in this step may be a model for identifying relevant information in the privacy policy text, for example, a model for identifying user personal information and device permission information in the privacy policy text. The recognition model is a trained neural network model.
The trained recognition model can be used to recognize the user personal information and device permission information in the privacy policy text. To distinguish it from the information used in the subsequent steps, the information recognized from the privacy policy text is called the first information. The first information may include the first user personal information and first device permission information that the privacy policy text states the application to be identified will acquire.
Step 230: determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified.
Source code may refer to the original code of a program as written. A programmer writes the program in a programming language, and the source code is the human-readable set of computer-language instructions the programmer writes.
In modern programming languages, the source code may be in the form of a book or tape; the most common format is a text file, which is typically used for the purpose of compiling a computer program. The ultimate purpose of computer source code is to translate human-readable text into binary instructions that the computer can execute, a process called compilation. Generally, the source code of the application to be identified contains the code implementing its functions, as well as code that reflects the personal information and device permission information the application needs to acquire. For the sake of distinction, the information indicated in the source code is referred to as second user personal information and second device permission information.
In practical application, the user personal information and device permission information that the APP code indicates the APP needs to acquire are required to be consistent with the user personal information and device permission information that the privacy policy text of the APP indicates the APP needs to acquire.
Step 240: acquiring standard information which is allowed to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified.
It should be noted that the standard information in this step may be information in a standard file issued by a third-party organization. The third-party organization may be an authority dedicated to supervising APP compliance. The standard file may be a file that specifically regulates the security of information in mobile internet applications. The standard file explicitly specifies the user personal information and device permission information that each type of APP is allowed to acquire in actual use. For convenience of distinction, the information determined from the standard file is called standard user personal information and standard device permission information.
In actual application, the information (user personal information and device permission information) that the APP source code indicates needs to be acquired, the information that the privacy policy text indicates needs to be acquired, and the information that the standard file specified by laws and regulations allows the APP to acquire are required to be consistent with one another.
In practical application, the information specified in the standard file is taken as the baseline, and the information determined from the APP source code and the information determined from the privacy policy text are each compared with the standard information. If either is inconsistent with the standard information, it is modified accordingly.
In addition, the user personal information referred to in the above steps (the first user personal information, the second user personal information and the standard user personal information) may include at least one or more of: user personal identity information, transaction information, location information, communication information, network access logs, account information, friend information, and account information. The device permission information (the first, second and standard device permission information) may include at least one or more of: a location permission, a storage permission, a read-device-state permission, a call record permission, a short message permission and a camera permission. In practical applications, different types of APPs may need to obtain different user personal information and device permission information.
Step 250: detecting whether the first information is consistent with the standard information to obtain a first detection result.
Step 260: detecting whether the second information is consistent with the standard information to obtain a second detection result.
In steps 250 and 260, the first information is compared with the standard information, and the second information is compared with the standard information, respectively, to obtain corresponding detection results.
Step 270: generating compliance detection information according to the first detection result and the second detection result.
And generating compliance detection information according to the detection result. The compliance check information may be a file containing the first check result and the second check result, for example: the compliance check information may be a check report that may include the entire contents of the first information and the second information, but the first suspicious information that is inconsistent with the standard information may be marked in the first information as well as the second information. Of course, the detection report may include only information inconsistent with the standard information.
It should be understood that the order of some steps in the method described in one or more embodiments of the present disclosure may be interchanged according to actual needs, or some steps may be omitted or deleted.
The method of fig. 2 obtains the privacy policy text of the application to be identified; inputs the privacy policy text into a trained recognition model to obtain the first information that the privacy policy text indicates the application needs to acquire; determines the second information that the source code of the application indicates it needs to acquire; obtains the standard information that the application is allowed to acquire; detects whether the first information is consistent with the standard information to obtain a first detection result; detects whether the second information is consistent with the standard information to obtain a second detection result; and generates compliance detection information according to the first detection result and the second detection result. In this way, conflicts among the standard file, the APP privacy policy text and the APP source code regarding user personal information and device authority information can be detected automatically by comparison, and compliance detection information is generated for the user based on the detection results, guiding the APP operator to carry out self-inspection and take precautions in advance and avoiding the risk that the APP is taken off the shelf for non-compliance after release.
Based on the method of fig. 2, the present specification also provides some specific embodiments of the method, which are described below.
In the method of fig. 2, the references "first" and "second" in the "first user personal information" and "second user personal information", and "first" and "second" in the "first device authority information" and "second device authority information" are only used to distinguish information obtained from the privacy policy text from information obtained from the source code, and do not affect the protection scope of the present invention.
In the existing scheme, a dedicated APP compliance supervisor generally identifies the user personal information and device authority information in a privacy policy text by hand, but manual identification is time-consuming and labor-intensive, and both its accuracy and its efficiency are low. Therefore, in the embodiment of the present specification, the user personal information and the device authority information in the privacy policy text are identified automatically with a recognition model, which may specifically include the following steps:
the inputting the privacy policy text into a trained recognition model to obtain first information, which is required to be obtained by the application to be recognized and is represented in the privacy policy text, may specifically include:
inputting the privacy policy text into a trained recognition model to obtain first user personal information which is represented in the privacy policy text and needs to be acquired by the application program to be recognized;
acquiring a mapping relation between preset user personal information and equipment authority;
and determining first equipment authority information which is required to be acquired by the application program to be identified and is represented in the privacy policy text according to the first user personal information and the mapping relation between the user personal information and the equipment authority information.
First, in the above steps, the recognition model may be a named entity recognition model, or a keyword matching model. Specifically, when different models are adopted, the following different method steps can be adopted:
Mode one: the information in the privacy policy text is identified using a named entity recognition model. Specifically:
inputting the privacy policy text into a trained named entity recognition model to obtain the first user personal information that the privacy policy text indicates the application to be identified needs to acquire.
Named Entity Recognition (NER) refers to recognizing entities with a specific meaning in text, mainly names of persons, names of places, names of organizations, proper nouns, and the like. The task of named entity recognition may be to identify named entities of three major classes (entity class, time class, and numeric class) and seven minor classes (person name, organization name, place name, time, date, currency, and percentage) in the text to be processed.
In practical application, the NER problem is a sequence labeling problem, so NER data is annotated in the same way as other sequence labeling problems. The BIOE labeling method can mainly be used, where the letters stand for: B, Begin, the start of an entity; I, Intermediate, the middle of an entity; E, End, the end of an entity; O, Other, used to mark an unrelated character. For example, annotating the statement "you may need to provide information about your name, gender, phone number, etc." gives: [ O, O, O, O, O, O, O, O, O, B-NAME, E-NAME, O, B-GENDER, E-GENDER, O, B-PHONE, I-PHONE, I-PHONE, E-PHONE, O, O, O, O ], where NAME represents name, GENDER represents gender, and PHONE represents mobile phone number.
Suppose there are $m$ categories of user personal information in the privacy policy text, denoted $c_1, c_2, c_3, \ldots, c_{m-1}, c_m$. Given a data record to be recognized of character length $n$, $W = [w_1, w_2, w_3, \ldots, w_{n-1}, w_n]$, and a sequence of consecutive characters in $W$, $S = [w_{k-i}, w_{k-i+1}, \ldots, w_k]$: if $S$ is user personal information of type $w_j$, then the task of identifying user personal information based on named entity recognition (NER) may be to mark $w_{k-i}$ as $w_j\_B$, to mark $w_{k-i+1}$ through $w_{k-1}$ as $w_j\_I$, and to mark $w_k$ as $w_j\_E$.
Before the NER model is used to identify the user personal information in the privacy policy text, the NER model needs to be trained. The specific training process is as follows:
acquiring privacy policy text samples corresponding to APPs whose user personal information and device authority information are known;
performing sequence labeling and category labeling on the user personal information and the device authority information in the privacy policy text samples using the BIOE labeling method to obtain labeled training samples;
training the initial named entity recognition model with the labeled training samples to obtain a trained named entity recognition model;
using the trained named entity recognition model to recognize the privacy policy text samples corresponding to the APPs to obtain a recognition result;
determining the accuracy of the trained named entity recognition model according to the recognition result, the known user personal information and the known device authority information;
adjusting the training parameters of the named entity recognition model according to the accuracy until the accuracy meets a preset accuracy, so as to obtain the trained named entity recognition model.
In the embodiment of the present specification, when the NER model is used to identify the privacy policy text, both the location of the user personal information in the privacy policy text and the category of the user personal information may be identified. For example, when the user personal information "zhang", a name, is identified in the privacy policy text, the input of the NER model is the word segmentation list corresponding to the privacy policy text, and the output is the boundary and the category of the named entity corresponding to each item of user personal information. The output of the NER model may take the form (entry, type, begin, end).
In order to identify the user personal information that an APP privacy policy text declares as collected, when a named entity labeling model is trained, a set of privacy policy texts of mainstream APPs on the current market can be collected, and each text in the set is labeled with the BIOE labeling method to indicate which personal-information data items the privacy policy text declares as collected.
Then, a named entity recognition model (NER model) is trained according to the labeled data and saved for the use of the automatic analysis part of the system, wherein the named entity recognition model (NER model) can specifically adopt machine learning or deep learning methods such as HMM, MEMM, CRF, NN/CNN-CRF, RNN-CRF, Bi-LSTM + CRF, BERT + CRF and the like, but is not limited thereto.
The effect of the NER model can be evaluated with three indexes: precision (abbreviated as P), recall (abbreviated as R) and F-measure. The calculation formulas are as follows:
Figure BDA0003291615120000101
Figure BDA0003291615120000102
Figure BDA0003291615120000103
The above formulas are merely examples of how the performance of the NER model can be evaluated and do not limit the specific scope. When the training samples are used to train the NER model, the accuracy and recall rate of the NER model can be calculated, and the performance of the NER model can also be evaluated with other indexes. The training parameters of the named entity recognition model are adjusted according to the accuracy until the accuracy of the NER model meets the preset accuracy, which gives the trained named entity recognition model.
This method uses a named entity recognition model (NER model) to identify user personal information, recognizing the personal information data items in the privacy policy text by sequence labeling. Because the named entity recognition model works by sequence labeling, it can recognize not only whether the privacy policy text contains user personal information, but also the start and end positions and the user personal information type of each of the one or more personal information data item sequences it contains.
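The BIOE labels, the (entry, type, begin, end) output and the P/R/F evaluation described above, as an added example that is not code from the patent. The Chinese sentence is a reconstruction chosen so that its 23 characters line up with the annotation example's tag list, the predicted tags are constructed, and the scores use the usual exact-match entity-level definitions, which is an assumption about the formulas referred to above.

```python
"""BIOE decoding and entity-level scoring for a privacy-policy NER model."""


def decode_bioe(tokens, tags):
    """Return (entry, type, begin, end) tuples; begin/end are inclusive indices.

    A span is emitted only for a well-formed run B-X, zero or more I-X, E-X.
    The scheme has no single-token tag, so a B-X with no matching E-X is
    dropped instead of being guessed at.
    """
    if len(tokens) != len(tags):
        raise ValueError("tokens and tags must have the same length")
    spans = []
    start = kind = None
    for i, tag in enumerate(tags):
        prefix, _, label = tag.partition("-")
        if prefix == "B":
            start, kind = i, label            # open a span, discarding any unfinished one
        elif prefix == "I" and start is not None and label == kind:
            continue                          # still inside the open span
        elif prefix == "E" and start is not None and label == kind:
            spans.append(("".join(tokens[start:i + 1]), kind, start, i))
            start = kind = None
        else:
            start = kind = None               # "O" or a tag that breaks the run
    return spans


def score(gold_spans, pred_spans):
    """Precision, recall and F-measure; a hit needs the same type and boundaries."""
    gold = {(t, b, e) for _, t, b, e in gold_spans}
    pred = {(t, b, e) for _, t, b, e in pred_spans}
    hits = len(gold & pred)
    p = hits / len(pred) if pred else 0.0
    r = hits / len(gold) if gold else 0.0
    f = 2 * p * r / (p + r) if p + r else 0.0
    return p, r, f


# Constructed input: a Chinese sentence ("you may need to provide information
# such as your name, gender, phone number"), one token per character, whose
# length matches the 23 labels of the annotation example.
TOKENS = list("您可能需要提供您的姓名、性别、手机号码等信息。")
GOLD_TAGS = (["O"] * 9 + ["B-NAME", "E-NAME", "O", "B-GENDER", "E-GENDER", "O",
                          "B-PHONE", "I-PHONE", "I-PHONE", "E-PHONE"] + ["O"] * 4)

# Constructed model output: GENDER is missed and PHONE starts one character late.
PRED_TAGS = list(GOLD_TAGS)
PRED_TAGS[12:14] = ["O", "O"]
PRED_TAGS[15:17] = ["O", "B-PHONE"]

GOLD = decode_bioe(TOKENS, GOLD_TAGS)
PRED = decode_bioe(TOKENS, PRED_TAGS)

if __name__ == "__main__":
    for span in GOLD:
        print("gold", span)
    for span in PRED:
        print("pred", span)
    print("P=%.2f R=%.2f F=%.2f" % score(GOLD, PRED))
```

The late PHONE boundary counts as both a miss and a false hit under exact matching, which is why a model that finds two of three entities scores well below two thirds.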
Mode two: the information in the privacy policy text is identified using a keyword matching model. Specifically:
inputting the privacy policy text into a trained keyword matching model to obtain the first user personal information that the privacy policy text indicates the application to be identified needs to acquire.
The keyword matching method may include: exact match, phrase match, and broad match.
The position and the category of the personal information of the user in the privacy policy text can be identified from the privacy policy text by adopting a keyword matching model.
Of course, before the keyword matching model is used to identify the personal information of the user in the privacy policy text, the keyword matching model also needs to be trained. For example: a mapping relation matching library of the keywords and the personal information of the user can be constructed according to the sample information, the mapping relation matching library can be constructed manually, and a model can also be adopted to construct according to historical sample information.
Once the trained keyword matching model identifies that the keyword appears in the privacy policy text, the privacy policy text can be considered to contain the personal information of the user corresponding to the keyword.
In this way, the user personal information in the privacy policy text can be identified automatically with the recognition model, which avoids the low efficiency and poor accuracy of manual identification and improves the identification efficiency and precision for the privacy policy text, providing a good basis for subsequent APP compliance detection.
In addition, the user personal information can be identified from the privacy policy text by adopting the identification model, but when the APP is subjected to compliance detection, the device authority information in the privacy policy text needs to be determined.
Optionally, the mapping relationship between the user personal information and the device authority information may be determined according to historical experience data, and specifically, the following method may be included:
Mode one: establishing a mapping relation table according to manual experience.
Mode two: automatically establishing a mapping relation table according to historical experience data, for example with a neural network model. When a neural network model is used to establish the mapping relation table, historical privacy policy texts and the corresponding device authority information can be used to train the model. For example, for any historical privacy policy text, the user personal information (name, contact information, equipment state and positioning information) and the device authority information (address book access authority, equipment state authority and position authority) corresponding to that privacy policy text can be determined from it, and the mapping relation between user personal information and device authority information can be established from the privacy policy text and the corresponding device authority information. Examples of established mapping relations are: "positioning information-position authority", "device state information-reading device state authority", "contact information-address book access authority", "short message-short message authority" and "album information-camera authority".
It should be noted that, when device authority information is determined from user personal information, establishing the mapping relation is particularly important. For example, in the above method steps, when the mapping relation table is established with a model, a large amount of historical data may be used for training; optionally, data acquired online or offline and data acquired in multiple dimensions may be used for training, so as to increase the coverage of the acquired data. When the collected data is used to train the model, the privacy policy texts corresponding to the APPs of the terminal can be collected in real time, so that the performance of the trained model can be updated in time.
Optionally, the determining of the second information to be acquired, which is represented in the source code of the application program to be identified, may specifically include:
acquiring a source code of the application program to be identified;
and analyzing and identifying the source code, and determining the second user personal information and the second equipment authority information represented in the source code.
It should be noted that, in line with the foregoing description, the source code of an APP contains at least the functions of the APP and the user personal information and device authority information that will be collected when the APP is used. Therefore, the user personal information and device authority information that the source code indicates need to be acquired can be obtained by analyzing and identifying the source code. Taking table 1 as an example, if the APP source code includes a code keyword in table 1, the APP obtains the corresponding device authority information and user personal information of the intelligent mobile terminal.
TABLE 1 code analysis table
Figure BDA0003291615120000121
Figure BDA0003291615120000131
Table 1 lists only the device permission information and the user personal information corresponding to a small portion of the analyzed codes, and is only used for explaining that the device permission information and the user personal information can be correspondingly obtained after the source code of the APP is analyzed, and the protection range is not affected.
Optionally, the obtaining of the standard information that the application to be identified is allowed to obtain may specifically include:
determining the function type of the application program to be identified;
acquiring a standard file corresponding to the application program to be identified according to the function type;
determining the standard user personal information and the standard equipment authority information which are allowed to be acquired by the application program to be identified from the standard file; the standard document is issued by a third party organization.
The function types at least include map navigation, instant messaging, internet car booking, internet community, internet payment, news information, internet shopping, short video, traffic ticketing, financial loan and security management, etc. Different function types may correspond to different standard files, and of course, the standard files may also include information tables corresponding to different APPs, for example: one type of APP corresponds to a minimum necessary information table or a device permission table.
The third party authority may be a regulatory authority dedicated to managing APP compliance.
The step of obtaining the standard file can be finished by off-line presetting, and different function types correspond to different minimum necessary information and equipment authorities.
It should be noted that, at present, the national regulatory authorities have released the minimum necessary information collectable by APPs of 30 common service types, such as map navigation, internet car booking, instant messaging, internet community, internet payment, news information, online shopping, and the like. The minimum necessary information refers to the least personal information needed to ensure that a given service type operates normally, including personal information without which the service type cannot be implemented or cannot operate normally, and personal information that laws and regulations require to be collected. Instant messaging is taken as an example. An instant messaging APP provides users with communication services in the form of online text, voice, video and the like, or with services such as friend-making interaction based on instant messaging. The minimum necessary information for this service type is shown in table 2:
TABLE 2 minimal essential information of instant messaging class
Figure BDA0003291615120000141
Figure BDA0003291615120000151
In addition to the information in table 2, there is also minimum necessary information corresponding to APPs of the other function types, which is not listed in the embodiments of the present specification. The information in table 2 above may be understood as information in a standard document promulgated by a third party authority. For example, as shown in table 2, among the user personal information that an instant messaging APP can obtain, the "buddy list" is user personal information required for implementing the service, but when an instant messaging APP obtains the buddy list, it is used only for establishing and managing the user's contact relationships in the instant messaging application. The user should be allowed to add friends manually in the instant messaging application, and reading the user's address book should not be forced. When determining whether an APP is compliant, the user personal information that the APP to be identified needs to acquire is compared with the user personal information that the standard file allows APPs of that type to acquire; if they are consistent, the APP is compliant, and otherwise it is not.
In addition, in the standard file, besides the personal information of the user, which is allowed to be obtained by various types of APPs, the device authority information, which is allowed to be obtained by various types of APPs, is also specified, for example: the "map navigation-location authority", "network car booking-location authority", "instant messaging-storage authority", "network payment-reading device status authority", "short video-storage authority", "catering takeaway-location authority", "security management-call recording authority, short message authority, storage authority", "shooting beautification-camera authority, storage authority", "application store-storage authority", and "network live broadcast-storage authority", and the like.
The privacy policy text of the APP to be identified is recognized to obtain the first user personal information and the first device authority information, and the source code is recognized to obtain the second user personal information and the second device authority information. These are then compared with the standard file, detection information is generated according to the comparison result, and the detection information is sent to the APP operator. The specific steps are as follows:
the generating of the compliance detection information may specifically include:
when the first detection result shows that the first information is consistent with the standard information and the second detection result shows that the second information is consistent with the standard information, generating compliance detection information containing first prompt information; the first prompt information is used for prompting the compliance of the application program to be identified.
In practical application, if the privacy policy text, the source code and the information in the standard file of the APP to be recognized are consistent, the compliance of the APP to be recognized can be determined. At this time, first prompt information for prompting the APP compliance to be recognized may be generated.
On the contrary, when the first detection result indicates that the first information is inconsistent with the standard information, compliance detection information containing second prompt information can be generated; the second prompt message is used for prompting the part of the first message, which is inconsistent with the standard message;
and/or generating compliance detection information containing third prompt information when the second detection result shows that the second information is inconsistent with the standard information; the third prompting message is used for prompting the part of the second message, which is inconsistent with the standard message.
It should be noted that the generated prompt information may show the APP operator the part of the first information that is inconsistent with the standard information, and/or the part of the second information that is inconsistent with the standard information. Specifically, the entire privacy policy text and/or the source code of the entire APP may be presented directly to the user, with the parts inconsistent with the standard information marked in the privacy policy text and/or the APP source code. Of course, instead of sending the entire privacy policy text or APP source code to the APP operator, only the text information in the privacy policy text that is inconsistent with the standard information and/or the code information in the source code that is inconsistent with the standard information may be sent to the operator.
Further, the generating of the compliance detection information including the second prompt information may specifically include:
determining first suspicious information inconsistent with the standard information in the first information;
determining first category information corresponding to the first suspicious information; and performing color marking on the text information corresponding to the first suspicious information in the privacy policy text, and annotating the information type of the text information according to the first type of information to obtain compliance detection information containing the second prompt information.
Optionally, the generating the compliance detection information including the third prompt information specifically may include:
determining second suspicious information inconsistent with the standard information in the second information;
determining second category information corresponding to the second suspicious information;
and performing color marking on code information corresponding to the second suspicious information in the source code of the application program to be identified, and performing annotation on the information type of the code information according to the second category information to obtain compliance detection information containing third prompt information.
The suspicious information in the steps is represented by text information inconsistent with the standard information in the privacy policy text and/or code information inconsistent with the standard information in the APP source code.
The category information may refer to the information type of the suspicious information. For example, if the suspicious information is "the program receives satellite positioning information through a GPS chip", the corresponding category information is "position information"; if the suspicious information is "name, occupation, age and identification card number", the corresponding category information is "personal identity information".
Optionally, the second prompt message may further include sensitivity level information corresponding to the first suspicious message.
Optionally, the third prompt message may further include sensitivity level information corresponding to the second suspicious message.
In practical application, the sensitivity level information corresponding to the suspicious information may also be displayed in the compliance detection information. For example, "high sensitivity" can indicate that the sensitivity level of the acquired information is high and needs special attention, since obtaining it may cause leakage of the user's personal privacy information and thereby affect the user's information security. To explain the above method steps more intuitively, reference is made to fig. 3 and fig. 4:
Fig. 3 is a first interface diagram of compliance detection information generated in an embodiment of the present disclosure. As shown in fig. 3, in the compliance detection information interface generated for user personal information, text information or code information that does not match the standard information may be color-marked. Fig. 3 mainly illustrates the case in which information in the privacy policy text does not match the standard information. The compliance detection information corresponding to the source code is similar to that for the privacy policy text and is not described again in the embodiment of the present specification.
Of course, the above-mentioned "color marking" is only one way to highlight the inconsistent part; besides color marking, the inconsistent part may be marked by frame selection, highlighting, underlining, and the like. Fig. 3 shows only frame-selection marking. In addition to marking the inconsistent parts, category annotations may also be added to them, for example: the name and the identification number are annotated with "personal identity information", and the user account and the user nickname are annotated with "user basic data". It is also possible to annotate the inconsistent parts with a sensitivity level, for example: the name and the identification number are annotated with high sensitivity, and the user account and the user nickname are annotated with medium sensitivity.
Fig. 4 is a second interface diagram of compliance detection information generated in the embodiment of the present disclosure. As shown in fig. 4, for the device permission, the generated compliance detection information may display device permission information corresponding to the APP to be identified and inconsistent with the standard information, and perform color annotation and information type annotation. In fig. 4, the device authority determined from the source code is mainly taken as an example for display annotation. In fig. 4, it is shown that there are 7 suspicious device rights inconsistent with the standard information in the source code of the APP to be identified, including: obtaining position, creating/modifying/deleting call records, reading short messages, a camera, recording, starting up and using Bluetooth.
Of these, 5 device authorities are of high sensitivity, 1 is of medium sensitivity, and 1 is of low sensitivity. The device authorities in the high sensitivity class are: acquiring position, creating/modifying/deleting call records, reading short messages, camera, and recording. The device authority in the medium sensitivity class is: starting up. The device authority in the low sensitivity class is: using Bluetooth.
In practical application, because the APP source code may be written with reference to the APP's privacy policy text, the privacy policy text can first be compared with the standard file. When the privacy policy text is consistent with the standard file, the source code can then be compared with the privacy policy text or the standard file, and after the comparison, device authority information that does not exist in the standard file or the privacy policy text can be marked with the words "use unapplied" after the corresponding information. In addition, inconsistent information may be labeled with an information type. For example: the information type marked for "acquiring position" is "position information"; the information type marked for "creating/modifying/deleting call records" and "reading short messages" is "social information"; the information type marked for "camera" and "recording" is "biological characteristic information"; the information type marked for "starting up" and "using Bluetooth" is "equipment state information".
And sending the generated compliance detection information to an APP operator, wherein the APP operator can modify the privacy policy text and/or the APP source code according to the compliance detection information.
In this way, compliance detection can be carried out on the APP automatically before it is published, and the compliance detection information is returned to the APP operator, so that the operator can conveniently and intuitively understand the compliance of the APP to be identified. When the APP is not compliant, the non-compliant information can be located quickly from the compliance detection information and modified in time, which avoids the risk that the APP is forced off the shelf after publication and improves the efficiency of APP compliance detection.
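Steps 250 to 270 and the report markings described above, as an added example that is not code from the patent: it uses keyword matching on the privacy policy text and a keyword scan of the source code. The keyword tables, the one-entry standard table, the Android permission names standing in for Table 1, the sample inputs and the reading of "consistent" as "nothing beyond what the standard allows" are all assumptions.

```python
"""Policy text and source code checked against a standard, then one report.
Every table and sample below is constructed for illustration."""
import re

# Keyword -> user personal information category (keyword matching, exact match).
KEYWORDS = {
    "location": "positioning information",
    "phone number": "contact information",
    "address book": "contact information",
    "text message": "short message",
}
# Mapping relation: user personal information -> device authority.
INFO_TO_AUTHORITY = {
    "positioning information": "position authority",
    "contact information": "address book access authority",
    "short message": "short message authority",
}
# Code keyword -> device authority: an assumed stand-in for a code analysis
# table, using Android permission names.
CODE_KEYWORDS = {
    "android.permission.ACCESS_FINE_LOCATION": "position authority",
    "android.permission.READ_CONTACTS": "address book access authority",
    "android.permission.READ_SMS": "short message authority",
    "android.permission.CAMERA": "camera authority",
}
# Standard information per function type (assumed, one entry only).
STANDARD = {
    "map navigation": {"info": {"positioning information"},
                       "authority": {"position authority"}},
}
# Sensitivity level per device authority (levels as the Fig. 4 description groups them).
SENSITIVITY = {"position authority": "high", "short message authority": "high",
               "camera authority": "high"}


def policy_findings(text):
    """First information: {category: [(matched text, begin, end), ...]}."""
    found = {}
    for keyword, category in KEYWORDS.items():
        for m in re.finditer(re.escape(keyword), text, flags=re.IGNORECASE):
            found.setdefault(category, []).append((m.group(0), m.start(), m.end()))
    return found


def code_findings(source):
    """Second information: {device authority: [1-based line numbers]}."""
    found = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        for keyword, authority in CODE_KEYWORDS.items():
            if keyword in line:
                found.setdefault(authority, []).append(lineno)
    return found


def compliance_report(policy_text, source, function_type):
    """Steps 250-270. 'Consistent' is taken to mean 'nothing beyond the standard'."""
    standard = STANDARD[function_type]
    first = policy_findings(policy_text)
    second = code_findings(source)
    declared = {INFO_TO_AUTHORITY[c] for c in first if c in INFO_TO_AUTHORITY}

    first_suspicious = [
        {"category": c, "spans": first[c], "authority": INFO_TO_AUTHORITY.get(c)}
        for c in sorted(first) if c not in standard["info"]
    ]
    second_suspicious = [
        {"authority": a, "lines": second[a],
         "sensitivity": SENSITIVITY.get(a, "unrated"),
         # requested in code but never declared in the policy text
         "use_unapplied": a not in declared}
        for a in sorted(second) if a not in standard["authority"]
    ]
    prompts = []
    if not first_suspicious and not second_suspicious:
        prompts.append("first prompt: the application is compliant")
    if first_suspicious:
        prompts.append("second prompt: policy text inconsistent with the standard")
    if second_suspicious:
        prompts.append("third prompt: source code inconsistent with the standard")
    return {"first_result": not first_suspicious,
            "second_result": not second_suspicious,
            "first_suspicious": first_suspicious,
            "second_suspicious": second_suspicious,
            "prompts": prompts}


# Constructed samples: a policy excerpt and three manifest lines.
POLICY = ("We collect your location to plan routes. "
          "We also read your phone number to recommend friends.")
MANIFEST = """<uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
<uses-permission android:name="android.permission.READ_SMS"/>
<uses-permission android:name="android.permission.CAMERA"/>"""

if __name__ == "__main__":
    report = compliance_report(POLICY, MANIFEST, "map navigation")
    for prompt in report["prompts"]:
        print(prompt)
    for item in report["first_suspicious"] + report["second_suspicious"]:
        print(item)
```

The character spans and line numbers kept with each finding are what a report needs to mark the inconsistent text or code in place.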
In addition, in the foregoing steps, the privacy policy text may be preliminarily screened before the NER model is used, so as to improve the efficiency and accuracy of the NER model's recognition. Specifically:
before the inputting the privacy policy text into the trained recognition model and obtaining the first information, which is required to be obtained by the application to be recognized and is represented in the privacy policy text, the method may further include:
performing initial identification on the privacy policy text by adopting a classification method, and judging whether the privacy policy text contains the first information;
and if the privacy policy text contains the first information, adopting the trained recognition model to recognize the privacy policy text.
The technical scheme in the embodiment of the specification can realize the following technical effects:
With the method in the embodiments of this specification, conflicts among the standard file, the APP privacy policy text and the APP source code regarding user personal information and equipment authority information can be compared automatically, and APP privacy data compliance detection information is generated to guide the APP operator in self-checking and taking preventive action in advance, so that the APP does not fall out of line with national laws and regulations, and business impact and unnecessary economic loss are reduced.
The user personal information in the APP privacy policy text is recognized using named entity recognition (NER) model technology, the position and category of the user personal information in the privacy policy text are marked, and the compliance detection information is sent to the APP operator, so that the APP operator can intuitively understand the compliance of the APP as well as the position, information type and sensitivity level of the inconsistent parts.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method. Fig. 5 is a schematic structural diagram of an information detection apparatus of an application according to an embodiment of the present disclosure. As shown in fig. 5, the apparatus may include:
a privacy policy text obtaining module 510, configured to obtain a privacy policy text of the application to be identified;
a first information determining module 520, configured to input the privacy policy text into a trained recognition model, so as to obtain first information that needs to be obtained by the application to be recognized and is represented in the privacy policy text; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified;
a second information determining module 530, configured to determine second information that needs to be obtained by the application to be identified and is represented in the source code of the application to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified;
a standard information obtaining module 540, configured to obtain standard information that the application to be identified is allowed to obtain; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified;
a first detecting module 550, configured to detect whether the first information is consistent with the standard information, to obtain a first detection result;
a second detecting module 560, configured to detect whether the second information is consistent with the standard information, to obtain a second detection result;
a compliance detection information generating module 570, configured to generate compliance detection information according to the first detection result and the second detection result.
Based on the apparatus of fig. 5, the embodiments of this specification also provide some specific implementations, which are described below.
Optionally, the compliance detection information generating module 570 may specifically include:
a compliance detection information first generation unit configured to generate compliance detection information including first prompt information when the first detection result indicates that the first information is consistent with the standard information and the second detection result indicates that the second information is consistent with the standard information; the first prompt information is used for prompting the compliance of the application program to be identified.
Optionally, the first information determining module 520 may specifically include:
the first user personal information determining unit is used for inputting the privacy policy text into a trained recognition model to obtain first user personal information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized;
the mapping relation acquisition unit is used for acquiring the mapping relation between the preset personal information of the user and the equipment authority;
and the first device authority information determining unit is used for determining first device authority information which is required to be acquired by the application program to be identified and is represented in the privacy policy text according to the first user personal information and the mapping relation between the user personal information and the device authority information.
Optionally, the second information determining module 530 may specifically include:
the source code acquisition unit is used for acquiring the source code of the application program to be identified;
and the second user personal information and second equipment authority information determining unit is used for analyzing and identifying the source code and determining the second user personal information and the second equipment authority information represented in the source code.
Optionally, the standard information obtaining module 540 may specifically include:
the function type determining unit is used for determining the function type of the application program to be identified;
the standard file acquisition unit is used for acquiring a standard file corresponding to the application program to be identified according to the function type;
a standard user personal information and standard equipment authority information determining unit, configured to determine, from the standard file, the standard user personal information and the standard equipment authority information that are allowed to be acquired by the application to be identified; the standard document is issued by a third party organization.
Optionally, the compliance detection information generating module 570 may specifically include:
a compliance detection information second generating unit, configured to generate compliance detection information including second prompt information when the first detection result indicates that the first information is inconsistent with the standard information; the second prompt information is used for indicating the part of the first information that is inconsistent with the standard information;
and/or a compliance detection information third generating unit, configured to generate compliance detection information including third prompt information when the second detection result indicates that the second information is inconsistent with the standard information; the third prompt information is used for indicating the part of the second information that is inconsistent with the standard information.
Optionally, the compliance detection information second generating unit may be specifically configured to:
determining first suspicious information inconsistent with the standard information in the first information;
determining first category information corresponding to the first suspicious information; and performing color marking on the text information corresponding to the first suspicious information in the privacy policy text, and annotating the information type of the text information according to the first category information to obtain compliance detection information containing the second prompt information.
Optionally, the compliance detection information third generating unit may be specifically configured to:
determining second suspicious information inconsistent with the standard information in the second information;
determining second category information corresponding to the second suspicious information;
and performing color marking on code information corresponding to the second suspicious information in the source code of the application program to be identified, and performing annotation on the information type of the code information according to the second category information to obtain compliance detection information containing third prompt information.
Optionally, the second prompt information may further include sensitivity level information corresponding to the first suspicious information.
Optionally, the third prompt information may further include sensitivity level information corresponding to the second suspicious information.
Optionally, the apparatus may further include:
and the compliance detection information sending module is used for sending the compliance detection information to an operator of the application program to be identified so as to prompt the operator to modify the privacy policy text and/or the source code according to the compliance detection information.
Optionally, the recognition model may be a named entity recognition model;
the apparatus may further include:
the recognition model training module is used for acquiring privacy policy text samples corresponding to APPs whose user personal information and equipment authority information are known;
performing sequence labeling and category labeling on the user personal information and the equipment authority information in the privacy policy text sample by adopting a BIOE labeling method to obtain a labeled training sample;
training the initial named entity recognition model by using the marked training sample to obtain a trained named entity recognition model;
adopting the trained named entity recognition model to recognize the privacy policy text sample corresponding to the APP to obtain a recognition result;
determining the accuracy corresponding to the trained named entity recognition model according to the recognition result, the known personal information of the user and the known equipment authority information;
and adjusting training parameters corresponding to the named entity recognition model according to the accuracy until the accuracy meets a preset accuracy, so as to obtain the trained named entity recognition model.
Optionally, the first information determining module 520 may be specifically configured to:
and identifying the privacy policy text by adopting the named entity identification model, and determining the position of the first user personal information in the privacy policy text and the category of the first user personal information.
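An added example, not code from the patent, of how BIOE-tagged model output yields the position and category of the first user personal information, and how a preset mapping then yields the first equipment authority information. The tag spelling (B-/I-/E- plus a category, O otherwise), the category names, the mapping contents, the handling of a B tag with no closing E as an entity ending at the previous token, and the sample sentence are all constructed assumptions.

```python
# Hypothetical preset mapping: personal-information category -> device permissions.
CATEGORY_TO_PERMISSIONS = {
    "LOCATION": {"acquire location"},
    "FACE": {"camera"},
    "VOICE": {"recording"},
    "PHONE": set(),  # assumed to need no device permission
}


def decode_bioe(tokens, tags):
    """Turn a BIOE tag sequence into entity spans plus a list of malformed tags.

    Returns (entities, errors). Each entity records token positions (inclusive),
    its category and its text; errors holds (index, tag) for stray I-/E- tags.
    """
    if len(tokens) != len(tags):
        raise ValueError("tokens and tags must have the same length")

    entities, errors = [], []
    start, category = None, None

    def close(end):
        nonlocal start, category
        entities.append({
            "start": start,
            "end": end,
            "category": category,
            "text": " ".join(tokens[start:end + 1]),
        })
        start, category = None, None

    for i, tag in enumerate(tags):
        prefix, _, cat = tag.partition("-")
        if prefix == "B":
            if start is not None:      # previous entity never reached its E tag
                close(i - 1)
            start, category = i, cat
        elif prefix in ("I", "E") and start is not None and cat == category:
            if prefix == "E":
                close(i)
        else:
            if start is not None:      # entity cut short by O or a mismatched tag
                close(i - 1)
            if prefix != "O":          # I-/E- with no matching open entity
                errors.append((i, tag))
    if start is not None:
        close(len(tags) - 1)
    return entities, errors


def first_information(tokens, tags):
    """Personal information (position + category) and the permissions mapped from it."""
    entities, errors = decode_bioe(tokens, tags)
    permissions = set()
    for entity in entities:
        permissions |= CATEGORY_TO_PERMISSIONS.get(entity["category"], set())
    return {
        "personal_information": entities,
        "device_permissions": sorted(permissions),
        "tag_errors": errors,
    }


# Constructed sample: one sentence of a privacy policy and its BIOE tags.
TOKENS = "We collect your mobile phone number and precise location when you register".split()
TAGS = ["O", "O", "O", "B-PHONE", "I-PHONE", "E-PHONE", "O",
        "B-LOCATION", "E-LOCATION", "O", "O", "O"]

if __name__ == "__main__":
    info = first_information(TOKENS, TAGS)
    for e in info["personal_information"]:
        print(e["start"], e["end"], e["category"], repr(e["text"]))
    print(info["device_permissions"])
```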
Optionally, the apparatus may further include:
the initial identification module is used for carrying out initial identification on the privacy policy text by adopting a classification method and judging whether the privacy policy text contains the first information or not;
and if the privacy policy text contains the first information, adopting the trained recognition model to recognize the privacy policy text.
Based on the same idea, the embodiment of the present specification further provides a device corresponding to the above method.
Fig. 6 is a schematic structural diagram of an information detection device of an application provided in an embodiment of this specification. As shown in fig. 6, the apparatus 600 may include:
at least one processor 610; and
a memory 630 communicatively coupled to the at least one processor; wherein,
the memory 630 stores instructions 620 executable by the at least one processor 610 to enable the at least one processor 610 to:
acquiring a privacy policy text of an application program to be identified;
inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified;
determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified;
acquiring standard information which is allowed to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified;
detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and generating compliance detection information according to the first detection result and the second detection result.
Based on the same idea, the embodiment of the present specification further provides a computer-readable medium corresponding to the above method. The computer readable medium has computer readable instructions stored thereon that are executable by a processor to implement the method of:
acquiring a privacy policy text of an application program to be identified;
inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized; the first information comprises first user personal information and first equipment authority information which are required to be acquired by the application program to be identified;
determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified;
acquiring standard information which is allowed to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified;
detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and generating compliance detection information according to the first detection result and the second detection result.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, as for the information detection device of the application program shown in fig. 6, since it is basically similar to the method embodiment, the description is relatively simple, and the relevant points can be referred to the partial description of the method embodiment.
In the 1990s, an improvement to a technology could be clearly distinguished as either a hardware improvement (e.g., an improvement to a circuit structure such as a diode, transistor, or switch) or a software improvement (an improvement to a method flow). However, as technology has advanced, many of today's method flow improvements can be regarded as direct improvements to hardware circuit structures. Designers almost always obtain the corresponding hardware circuit structure by programming the improved method flow into a hardware circuit. Thus, it cannot be said that an improvement to a method flow cannot be realized by hardware physical modules. For example, a Programmable Logic Device (PLD), such as a Field Programmable Gate Array (FPGA), is an integrated circuit whose logic functions are determined by the user programming the device. A designer programs a digital system onto a single PLD without asking a chip manufacturer to design and fabricate a dedicated integrated circuit chip. Furthermore, nowadays, instead of manually fabricating integrated circuit chips, such programming is mostly implemented with "logic compiler" software, which is similar to the software compiler used in program development; the source code to be compiled must also be written in a specific programming language, called a Hardware Description Language (HDL). There is not just one HDL but many, such as ABEL (Advanced Boolean Expression Language), AHDL (Altera Hardware Description Language), Confluence, CUPL (Cornell University Programming Language), HDCal, JHDL (Java Hardware Description Language), Lava, Lola, MyHDL, PALASM, and RHDL (Ruby Hardware Description Language); VHDL (Very-High-Speed Integrated Circuit Hardware Description Language) and Verilog are the most commonly used at present.
It will also be apparent to those skilled in the art that a hardware circuit implementing a logical method flow can be readily obtained simply by lightly logic-programming the method flow in one of the hardware description languages described above and programming it into an integrated circuit.
The controller may be implemented in any suitable manner. For example, the controller may take the form of a microprocessor or processor together with a computer-readable medium storing computer-readable program code (e.g., software or firmware) executable by the (micro)processor, logic gates, switches, an Application Specific Integrated Circuit (ASIC), a programmable logic controller, or an embedded microcontroller. Examples of controllers include, but are not limited to, the following microcontrollers: ARC 625D, Atmel AT91SAM, Microchip PIC18F26K20, and Silicon Labs C8051F320. A memory controller may also be implemented as part of the control logic of the memory. Those skilled in the art will also appreciate that, in addition to implementing the controller as pure computer-readable program code, the same functionality can be implemented by logically programming the method steps such that the controller takes the form of logic gates, switches, application specific integrated circuits, programmable logic controllers, embedded microcontrollers and the like. Such a controller may thus be considered a hardware component, and the means included therein for performing the various functions may also be considered structures within the hardware component. Or the means for performing the functions may even be regarded both as software modules implementing the method and as structures within the hardware component.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
For convenience of description, the above devices are described as being divided into various units by function, and are described separately. Of course, the functionality of the units may be implemented in one or more software and/or hardware when implementing the present application.
As will be appreciated by one skilled in the art, embodiments of the present invention may be provided as a method, system, or computer program product. Accordingly, the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present invention may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
In a typical configuration, a computing device includes one or more processors (CPUs), input/output interfaces, network interfaces, and memory.
The memory may include volatile memory in a computer-readable medium, such as Random Access Memory (RAM), and/or non-volatile memory, such as Read Only Memory (ROM) or flash memory (flash RAM). Memory is an example of a computer-readable medium.
Computer-readable media include both permanent and non-permanent, removable and non-removable media, and may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Disks (DVD) or other optical storage, magnetic cassettes, magnetic tape or disk storage or other magnetic storage devices, or any other non-transmission medium which can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising a ..." does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
As will be appreciated by one skilled in the art, embodiments of the present application may be provided as a method, system, or computer program product. Accordingly, the present application may take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment combining software and hardware aspects. Furthermore, the present application may take the form of a computer program product embodied on one or more computer-usable storage media (including, but not limited to, disk storage, CD-ROM, optical storage, and the like) having computer-usable program code embodied therein.
The application may be described in the general context of computer-executable instructions, such as program modules, being executed by a computer. Generally, program modules include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. The application may also be practiced in distributed computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed computing environment, program modules may be located in both local and remote computer storage media including memory storage devices.
The above description is only an example of the present application and is not intended to limit the present application. Various modifications and changes may occur to those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the scope of the claims of the present application.

Claims (34)

1. An information detection method of an application program comprises the following steps:
acquiring a privacy policy text of an application program to be identified;
inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized;
determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified;
acquiring standard information which is allowed to be acquired by the application program to be identified;
detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and generating compliance detection information according to the first detection result and the second detection result.
2. The method of claim 1, wherein the first information includes first user personal information and first device authority information to be acquired by the application to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified.
3. The method according to claim 1, wherein the obtaining of the standard information that the application to be identified is allowed to obtain specifically includes:
determining the function type of the application program to be identified;
acquiring a standard file corresponding to the application program according to the function type;
determining the standard user personal information and the standard equipment authority information which are allowed to be acquired by the application program from the standard file; the standard document is issued by a third party organization.
4. The method according to claim 1, wherein the generating compliance detection information according to the first detection result and the second detection result specifically includes:
when the first detection result shows that the first information is inconsistent with the standard information, generating compliance detection information containing second prompt information; the second prompt information is used for indicating the part of the first information that is inconsistent with the standard information;
and/or generating compliance detection information containing third prompt information when the second detection result shows that the second information is inconsistent with the standard information; the third prompt information is used for indicating the part of the second information that is inconsistent with the standard information.
5. The method according to claim 1, wherein the generating compliance detection information specifically includes:
when the first detection result shows that the first information is consistent with the standard information and the second detection result shows that the second information is consistent with the standard information, generating compliance detection information containing first prompt information; the first prompt information is used for prompting the compliance of the application program to be identified.
6. The method according to claim 1, wherein the inputting the privacy policy text into the trained recognition model to obtain the first information, which is required to be obtained by the application to be recognized and is represented in the privacy policy text, specifically includes:
inputting the privacy policy text into a trained recognition model to obtain first user personal information which is represented in the privacy policy text and needs to be acquired by the application program to be recognized;
acquiring a mapping relation between preset user personal information and equipment authority;
and determining first equipment authority information which is required to be acquired by the application program to be identified and is represented in the privacy policy text according to the first user personal information and the mapping relation between the user personal information and the equipment authority information.
7. The method according to claim 1, wherein the determining of the second information to be acquired, which is represented in the source code of the application to be identified, specifically includes:
acquiring a source code of the application program to be identified;
and analyzing and identifying the source code, and determining the second user personal information and the second equipment authority information represented in the source code.
8. The method according to claim 1, wherein the generating compliance detection information including the second prompt information specifically includes:
determining first suspicious information inconsistent with the standard information in the first information;
determining first category information corresponding to the first suspicious information;
and performing color marking on the text information corresponding to the first suspicious information in the privacy policy text, and annotating the information type of the text information according to the first category information to obtain compliance detection information containing the second prompt information.
9. The method according to claim 1, wherein the generating compliance detection information including the third prompt information specifically includes:
determining second suspicious information inconsistent with the standard information in the second information;
determining second category information corresponding to the second suspicious information;
and performing color marking on code information corresponding to the second suspicious information in the source code of the application program to be identified, and performing annotation on the information type of the code information according to the second category information to obtain compliance detection information containing third prompt information.
10. The method of claim 8, wherein the second prompt information further includes sensitivity level information corresponding to the first suspicious information.
11. The method of claim 9, wherein the third prompt information further includes sensitivity level information corresponding to the second suspicious information.
12. The method of claim 1, after generating compliance detection information, further comprising:
and sending the compliance detection information to an operator of the application program to be identified so as to prompt the operator to modify the privacy policy text and/or the source code according to the compliance detection information.
13. The method of claim 1, the recognition model being a named entity recognition model;
before the inputting the privacy policy text into the trained recognition model and obtaining the first information, which is required to be obtained by the application program to be recognized and is represented in the privacy policy text, the method further includes:
acquiring privacy policy text samples corresponding to APPs (application programs) whose user personal information and equipment authority information are known;
performing sequence labeling and category labeling on the user personal information and the equipment authority information in the privacy policy text sample by adopting a BIOE labeling method to obtain a labeled training sample;
training the initial named entity recognition model by using the marked training sample to obtain a trained named entity recognition model;
adopting the trained named entity recognition model to recognize the privacy policy text sample corresponding to the APP to obtain a recognition result;
determining the accuracy corresponding to the trained named entity recognition model according to the recognition result, the known personal information of the user and the known equipment authority information;
and adjusting training parameters corresponding to the named entity recognition model according to the accuracy until the accuracy meets a preset accuracy, so as to obtain the trained named entity recognition model.
14. The method of claim 1, the recognition model being a keyword matching model.
15. The method according to claim 13, wherein the inputting the privacy policy text into the trained recognition model to obtain the first information, which is required to be obtained by the application to be recognized and is represented in the privacy policy text, specifically includes:
and identifying the privacy policy text by adopting the named entity recognition model, and determining the position of the first user personal information in the privacy policy text and the category of the first user personal information.
16. The method of claim 1, before inputting the privacy policy text into the trained recognition model and obtaining the first information to be obtained by the application to be recognized, which is represented in the privacy policy text, further comprising:
performing initial identification on the privacy policy text by adopting a classification method, and judging whether the privacy policy text contains the first information;
and if the privacy policy text contains the first information, adopting the trained recognition model to recognize the privacy policy text.
17. The method of claim 1, wherein the first user personal information includes one or more of user profile information, transaction information, location information, communication information, network access logs, account information, friend information, and account information;
the first device authority information at least comprises one or more of position authority, storage authority, reading device state authority, call record authority, short message authority and camera authority.
18. An information detection apparatus of an application, comprising:
the privacy policy text acquisition module is used for acquiring the privacy policy text of the application program to be identified;
the first information determining module is used for inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized;
the second information determining module is used for determining second information which needs to be acquired by the application program to be identified and is represented in the source code of the application program to be identified;
the standard information acquisition module is used for acquiring standard information which is allowed to be acquired by the application program to be identified;
the first detection module is used for detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
the second detection module is used for detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and the compliance detection information generating module is used for generating compliance detection information according to the first detection result and the second detection result.
19. The apparatus of claim 18, wherein the first information includes first user personal information and first device permission information to be acquired by the application to be identified; the second information comprises second user personal information and second equipment authority information which are required to be acquired by the application program to be identified; the standard information comprises standard user personal information and standard equipment authority information which are allowed to be acquired by the application program to be identified.
20. The apparatus according to claim 18, wherein the standard information obtaining module specifically includes:
the function type determining unit is used for determining the function type of the application program to be identified;
the standard file acquisition unit is used for acquiring a standard file corresponding to the application program according to the function type;
a standard user personal information and standard device authority information determining unit, configured to determine, from the standard file, the standard user personal information and the standard device authority information that the application program is allowed to acquire; the standard file is issued by a third party organization.
21. The apparatus according to claim 18, wherein the compliance detection information generating module specifically includes:
a second compliance detection information generation unit configured to generate compliance detection information including second prompt information when the first detection result indicates that the first information is inconsistent with the standard information; the second prompt information is used for prompting the part of the first information that is inconsistent with the standard information;
and/or a compliance detection information third generating unit, configured to generate compliance detection information including third prompt information when the second detection result indicates that the second information is inconsistent with the standard information; the third prompt information is used for prompting the part of the second information that is inconsistent with the standard information.
22. The apparatus according to claim 18, wherein the compliance detection information generating module specifically includes:
a compliance detection information first generation unit configured to generate compliance detection information including first prompt information when the first detection result indicates that the first information is consistent with the standard information and the second detection result indicates that the second information is consistent with the standard information; the first prompt information is used for prompting the compliance of the application program to be identified.
23. The apparatus of claim 18, wherein the first information determining module specifically comprises:
the first user personal information determining unit is used for inputting the privacy policy text into a trained recognition model to obtain first user personal information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized;
the mapping relation acquisition unit is used for acquiring the mapping relation between the preset personal information of the user and the equipment authority;
and the first device authority information determining unit is used for determining first device authority information which is required to be acquired by the application program to be identified and is represented in the privacy policy text according to the first user personal information and the mapping relation between the user personal information and the device authority information.
24. The apparatus according to claim 18, wherein the second information determining module specifically includes:
the source code acquisition unit is used for acquiring the source code of the application program to be identified;
and the second user personal information and second equipment authority information determining unit is used for analyzing and identifying the source code and determining the second user personal information and the second equipment authority information represented in the source code.
25. The apparatus according to claim 18, wherein the second compliance detection information generating unit is specifically configured to:
determining first suspicious information inconsistent with the standard information in the first information;
determining first category information corresponding to the first suspicious information;
and performing color marking on the text information corresponding to the first suspicious information in the privacy policy text, and annotating the information type of the text information according to the first category information to obtain compliance detection information containing the second prompt information.
26. The apparatus according to claim 18, wherein the compliance detection information third generating unit is specifically configured to:
determining second suspicious information inconsistent with the standard information in the second information;
determining second category information corresponding to the second suspicious information;
and performing color marking on code information corresponding to the second suspicious information in the source code of the application program to be identified, and performing annotation on the information type of the code information according to the second category information to obtain compliance detection information containing third prompt information.
27. The apparatus of claim 25, wherein the second prompt information further includes sensitivity level information corresponding to the first suspicious information.
28. The apparatus according to claim 26, wherein the third prompt information further includes sensitivity level information corresponding to the second suspicious information.
29. The apparatus of claim 18, the apparatus further comprising:
and the compliance detection information sending module is used for sending the compliance detection information to an operator of the application program to be identified so as to prompt the operator to modify the privacy policy text and/or the source code according to the compliance detection information.
30. The apparatus of claim 18, wherein the recognition model is a named entity recognition model;
the apparatus further comprises:
the recognition model training module is used for acquiring privacy policy text samples corresponding to APPs (application programs) whose user personal information and equipment authority information are known;
performing sequence labeling and category labeling on the user personal information and the equipment authority information in the privacy policy text sample by adopting a BIOE labeling method to obtain a labeled training sample;
training the initial named entity recognition model by using the marked training sample to obtain a trained named entity recognition model;
adopting the trained named entity recognition model to recognize the privacy policy text sample corresponding to the APP to obtain a recognition result;
determining the accuracy corresponding to the trained named entity recognition model according to the recognition result, the known personal information of the user and the known equipment authority information;
and adjusting training parameters corresponding to the named entity recognition model according to the accuracy until the accuracy meets a preset accuracy, so as to obtain the trained named entity recognition model.
31. The apparatus of claim 30, wherein the first information determining module is specifically configured to:
and identifying the privacy policy text by adopting the named entity recognition model, and determining the position of the first user personal information in the privacy policy text and the category of the first user personal information.
32. The apparatus of claim 18, the apparatus further comprising:
the initial identification module is used for carrying out initial identification on the privacy policy text by adopting a classification method and judging whether the privacy policy text contains the first information or not;
and if the privacy policy text contains the first information, adopting the trained recognition model to recognize the privacy policy text.
33. An information detection apparatus of an application program, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to:
acquiring a privacy policy text of an application program to be identified;
inputting the privacy policy text into a trained recognition model to obtain first information which is expressed in the privacy policy text and needs to be obtained by the application program to be recognized;
determining second information which is required to be acquired by the application program to be identified and is represented in the source code of the application program to be identified;
acquiring standard information which is allowed to be acquired by the application program to be identified;
detecting whether the first information is consistent with the standard information or not to obtain a first detection result;
detecting whether the second information is consistent with the standard information or not to obtain a second detection result;
and generating compliance detection information according to the first detection result and the second detection result.
34. A computer-readable medium having stored thereon computer-readable instructions executable by a processor to implement the information detection method of the application program of any one of claims 1 to 17.
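The flow of claims 6 to 9, 13 and 15 as an added example (not code from the patent or its applicant): BIOE tags are decoded into positioned, categorised entities, mapped to device permissions, and the policy-derived and code-derived information are each compared with the standard information. The tag labels, both mapping tables, the use of Android permission constants, the sample policy, source and standard data, and reading "consistent" as "not exceeding the standard" are assumptions.

```python
import re
from dataclasses import dataclass

# Assumed mapping: personal-information category -> device permission (claim 6).
INFO_TO_PERMISSION = {
    "LOCATION": "position authority",
    "COMMUNICATION": "short message authority",
}
# Assumed mapping: Android permission constant -> claim-17 permission category.
ANDROID_TO_PERMISSION = {
    "android.permission.ACCESS_FINE_LOCATION": "position authority",
    "android.permission.READ_SMS": "short message authority",
    "android.permission.CAMERA": "camera authority",
    "android.permission.READ_CALL_LOG": "call record authority",
}

@dataclass(frozen=True)
class Entity:
    category: str
    start: int  # index of the first token
    end: int    # index of the last token (inclusive)
    text: str

def decode_bioe(tokens, tags):
    """Turn per-token BIOE tags into entity spans with position and category."""
    entities, start, cat = [], None, None

    def close(last):
        entities.append(Entity(cat, start, last, " ".join(tokens[start:last + 1])))

    for i, tag in enumerate(tags):
        prefix, _, label = tag.partition("-")
        if prefix == "I" and start is not None and label == cat:
            continue                  # still inside the open entity
        if prefix == "E" and start is not None and label == cat:
            close(i)                  # well-formed end of the entity
            start = None
            continue
        if start is not None:         # O, a new B, or a mismatched tag ends the open span
            close(i - 1)
            start = None
        if prefix == "B":
            start, cat = i, label
    if start is not None:             # sequence ended without an E tag
        close(len(tokens) - 1)
    return entities

def scan_source(source):
    """Return (line_number, constant, permission) for each known permission constant."""
    findings = []
    for n, line in enumerate(source.splitlines(), 1):
        for const in re.findall(r"android\.permission\.[A-Z_]+", line):
            if const in ANDROID_TO_PERMISSION:
                findings.append((n, const, ANDROID_TO_PERMISSION[const]))
    return findings

def check_compliance(entities, findings, std_info, std_permissions):
    """Compare policy (first) and code (second) information with the standard information."""
    def exceeds(entity):
        perm = INFO_TO_PERMISSION.get(entity.category)
        return entity.category not in std_info or (
            perm is not None and perm not in std_permissions)

    second_prompt = [e for e in entities if exceeds(e)]                   # policy text spans
    third_prompt = [f for f in findings if f[2] not in std_permissions]   # source code lines
    return {"first_prompt": not second_prompt and not third_prompt,
            "second_prompt": second_prompt, "third_prompt": third_prompt}

# Constructed sample data: a tagged policy sentence, a source fragment, a standard.
POLICY_TOKENS = ("We collect your precise location and your friend list "
                 "to recommend nearby stores").split()
POLICY_TAGS = ["O", "O", "O", "B-LOCATION", "E-LOCATION", "O", "O",
               "B-FRIEND", "E-FRIEND", "O", "O", "O", "O"]
SAMPLE_SOURCE = """\
String[] perms = {
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_SMS",
};
"""
STD_INFO = {"LOCATION"}
STD_PERMISSIONS = {"position authority", "storage authority"}

if __name__ == "__main__":
    ents = decode_bioe(POLICY_TOKENS, POLICY_TAGS)
    print(check_compliance(ents, scan_source(SAMPLE_SOURCE), STD_INFO, STD_PERMISSIONS))
```

The token indices on each flagged entity and the line numbers on each flagged finding are what a reviewer would use to highlight the policy text and the source code.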
CN202111165804.3A 2020-11-10 2020-11-10 Information detection method, device and equipment for application program Pending CN113886584A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202111165804.3A CN113886584A (en) 2020-11-10 2020-11-10 Information detection method, device and equipment for application program

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202111165804.3A CN113886584A (en) 2020-11-10 2020-11-10 Information detection method, device and equipment for application program
CN202011247122.2A CN112199506B (en) 2020-11-10 2020-11-10 Information detection method, device and equipment for application program

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
CN202011247122.2A Division CN112199506B (en) 2020-11-10 2020-11-10 Information detection method, device and equipment for application program

Publications (1)

Publication Number Publication Date
CN113886584A true CN113886584A (en) 2022-01-04

Family

ID=74034384

Family Applications (2)

Application Number Title Priority Date Filing Date
CN202011247122.2A Active CN112199506B (en) 2020-11-10 2020-11-10 Information detection method, device and equipment for application program
CN202111165804.3A Pending CN113886584A (en) 2020-11-10 2020-11-10 Information detection method, device and equipment for application program

Country Status (1)

Country Link
CN (2) CN112199506B (en)

Also Published As

Publication number Publication date
CN112199506B (en) 2021-08-24
CN112199506A (en) 2021-01-08

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination