CN113886854A - Android platform based permission monitoring and managing method and device - Google Patents
- Publication number
- CN113886854A
- Authority
- CN
- China
- Prior art keywords
- authority
- service
- monitoring
- system service
- detection
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2141—Access rights, e.g. capability lists, access control lists, access tables, access matrices
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Computer Hardware Design (AREA)
- Health & Medical Sciences (AREA)
- Software Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Automation & Control Theory (AREA)
- Telephonic Communication Services (AREA)
Abstract
The invention discloses a method and a device for permission monitoring and management on the Android platform, and relates to the technical field of Android development security. Custom Base classes are created by inheriting the Activity and Application classes, and every Activity and Application used in the APP inherits from them; the Base classes override the permission check method and the system service method in order to intercept calls to them. After interception, the interceptor hands the call to a permission determiner. The permission determiner allows monitored system services and their corresponding permission lists to be added in a user-defined manner, and sets permission and service monitoring switches to control use of the permissions and services. It performs the permission judgment for permission checks and for system services, then calls the parent class's permission check, or calls the parent class's system service method via reflection, returns the result to the caller, and ends the operation. The method makes it possible to better monitor and manage the permissions used by third-party services inside the APP, makes the APP safer for users, avoids security risks for developers and their enterprises, and has broad application prospects.
Description
Technical Field
The invention relates to the technical field of Android development security, and in particular to a method and a device for permission monitoring and management on the Android platform.
Background
Because of the openness of the Android system and its incomplete permission functions, the system has various vulnerabilities and functional gaps in security, and permission security management is a particular problem for developers. A developer's APP inevitably uses third-party libraries and third-party SDKs (third-party function libraries and third-party application services are hereafter collectively called third-party services). These make development convenient, but the developer's APP cannot monitor or manage how the integrated third-party services use permissions. Permission use is therefore entirely outside the APP developer's control, which creates potential security hazards for users and risks for the developer and the developer's enterprise. With the growing emphasis on user privacy on China's networks, APP rectification is increasingly strict, and APPs are frequently removed from app markets, with huge losses, because integrated third-party services abuse permissions.
To solve the above problems, it is particularly necessary to develop a method and a device for permission monitoring and management on the Android platform.
Disclosure of Invention
In view of the defects in the prior art, the invention aims to provide a method and a device for permission monitoring and management on the Android platform that can better monitor and manage the use of third-party service permissions inside the APP, make the APP safer for users, avoid security risks for developers and their enterprises, and are easy to popularize and use.
To achieve this purpose, the invention is realized by the following technical scheme: a method for permission monitoring and management on the Android platform, comprising the following steps:
(1) Interceptor: by inheriting the Activity and Application classes, a Base class is customized for each, and all Activities and Applications used in the APP inherit from it; the checkPermission(int pid) permission check method and the getSystemService(String name) system service method of Activity and Application are overridden in order to intercept them;
(2) After interception, the interceptor hands the call to a permission determiner; the permission determiner allows monitored system services and their corresponding permission lists to be added in a user-defined manner, and sets permission and service monitoring switches to control use of the permissions and services;
(3) Permission judgment:
(a) Permission check (checkPermission()): if the permission being checked is a monitored permission and its permission switch is off, a no-permission state is returned directly to the caller and the operation ends; if the current state of;
(b) System service (getSystemService()): when a system service is requested, the corresponding permission list is obtained from the service name; if traversing the list finds a monitored permission whose switch is off, a Null object is returned directly to the caller, the call is not passed on, and the operation ends; otherwise, that is, if the permissions in the list are not monitored, or are monitored but their switches are on, the next step is executed directly;
(4) Call the parent class's permission check or system service:
(a) Permission check (checkPermission()): the methods of the Activity or Application subclasses are skipped directly via reflection, and the checkPermission() permission check method of their parent class ContextWrapper is called;
(b) System service (getSystemService()): the methods of the Activity or Application subclasses are skipped directly via reflection, and the getSystemService() system service method of their parent class ContextWrapper is called;
(5) The parent class's method is called via reflection, the result is returned to the caller, and the operation ends.
Preferably, the specific flow of the permission check is as follows: a permission check is initiated, and the permission is examined to judge whether it is a monitored permission. If it is not, the parent class's check method is called via reflection. If it is, whether the permission is allowed to be used is checked: if it is allowed, the parent class's check method is called via reflection, the system permission check is initiated, and the system's result is returned; if it is not allowed, a not-allowed result is returned and the operation ends.
Preferably, the specific flow of the system service is as follows: a system service is requested, the permission list is obtained from the system service name, and the permissions are examined to judge whether they are monitored permissions. If they are not, the parent class's system service method is called via reflection. If they are, whether the permission is allowed to be used is checked: if it is allowed, the parent class's system service method is called via reflection, the system service is obtained, and the system service is returned; if it is not allowed, a NULL service object is returned and the operation ends.
A device for permission monitoring and management on the Android platform comprises an interceptor, a permission determiner and a parent method reflector. The interceptor intercepts the checkPermission(int pid) permission check method and the getSystemService(String name) system service method of Activity and Application; the permission determiner judges whether a permission is a monitored permission whose switch is off, and allows monitored services and their corresponding monitored permission lists to be added; the parent method reflector calls the parent class's method via reflection, skipping the interceptor, and returns the underlying system result to the caller.
The beneficial effects of the invention are as follows: the invention can better monitor and manage the use of third-party service permissions inside the APP; through permission monitoring, the APP owner can better oversee how permissions are used and avoid the losses caused by permission abuse; the APP is safer for users, security risks for developers and their enterprises are avoided, and the invention has broad application prospects.
Drawings
The invention is described in detail below with reference to the drawings and the detailed description;
FIG. 1 is a general framework of the present invention;
FIG. 2 is a flow chart of privilege detection in accordance with the present invention;
FIG. 3 is a flow chart of the system services of the present invention.
Detailed Description
To make the technical means, inventive features, purposes and effects of the invention easy to understand, the invention is further described below with reference to specific embodiments.
Referring to FIG. 1 to FIG. 3, this embodiment adopts the following technical solution: a method for permission monitoring and management on the Android platform, comprising the following steps:
(1) Interceptor: by inheriting the Activity and Application classes, a Base class is customized for each, and all Activities and Applications used in the APP inherit from it; the checkPermission(int pid, int uid) permission check method and the getSystemService(String name) system service method of Activity and Application are overridden in order to intercept them.
(2) After interception, the interceptor hands the call to a permission determiner; the permission determiner allows monitored system services and their corresponding permission lists to be added in a user-defined manner, and sets permission and service monitoring switches to control use of the permissions and services.
Monitoring services and corresponding permission lists and service and permission switches:
(3) Permission judgment:
(a) Permission check (checkPermission()): if the permission being checked is a monitored permission and its permission switch is off, a no-permission state (PackageManager.PERMISSION_DENIED) is returned directly to the caller and the operation ends; otherwise, that is, if the permission is not monitored, or is monitored but its switch is on, the next step is executed directly.
(b) System service (getSystemService()): when a system service is requested, the corresponding permission list is obtained from the service name; if traversing the list finds a monitored permission whose switch is off, a Null object is returned directly to the caller, the call is not passed on, and the operation ends; otherwise, that is, if the permissions in the list are not monitored, or are monitored but their switches are on, the next step is executed directly;
(4) Call the parent class's permission check or system service:
(a) Permission check (checkPermission()): the methods of the Activity or Application subclasses are skipped directly via reflection, and the checkPermission() permission check method of their parent class ContextWrapper is called.
(b) System service (getSystemService()): the methods of the Activity or Application subclasses are skipped directly via reflection, and the getSystemService() system service method of their parent class ContextWrapper is called.
It should be noted that the specific flow of the permission check is as follows: a permission check is initiated, and the permission is examined to judge whether it is a monitored permission. If it is not, the parent class's check method is called via reflection. If it is, whether the permission is allowed to be used is checked: if it is allowed, the parent class's check method is called via reflection, the system permission check is initiated, and the system's result is returned; if it is not allowed, a not-allowed result is returned and the operation ends.
The specific flow of the system service is as follows: a system service is requested, the permission list is obtained from the system service name, and the permissions are examined to judge whether they are monitored permissions. If they are not, the parent class's system service method is called via reflection. If they are, whether the permission is allowed to be used is checked: if it is allowed, the parent class's system service method is called via reflection, the system service is obtained, and the system service is returned; if it is not allowed, a NULL service object is returned and the operation ends.
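The interception and judgment flow described above, as an added example in plain Java (not code from the patent). ParentContext is a stand-in for ContextWrapper so the block runs without the Android SDK; the class names, the default-off switch and the sample pid/uid are assumptions, checkPermission uses Android's three-argument signature, and the parent is reached with an ordinary super call instead of reflection.

```java
import java.util.*;

public class PermissionGateDemo {
    // Same values as android.content.pm.PackageManager.
    static final int PERMISSION_GRANTED = 0;
    static final int PERMISSION_DENIED = -1;

    /** Stand-in for android.content.ContextWrapper, the parent class in the text. */
    static class ParentContext {
        int checkPermission(String permission, int pid, int uid) {
            return PERMISSION_GRANTED;            // constructed: the OS grants everything
        }
        Object getSystemService(String name) {
            return "system-service:" + name;      // constructed placeholder object
        }
    }

    /** Permission determiner: monitored services, their permission lists, switches. */
    static class PermissionJudge {
        private final Map<String, List<String>> servicePermissions = new HashMap<>();
        private final Map<String, Boolean> switches = new HashMap<>();

        /** Register a monitored service; its permissions start switched off (assumption). */
        void monitor(String service, String... permissions) {
            servicePermissions.put(service, List.of(permissions));
            for (String p : permissions) switches.putIfAbsent(p, false);
        }

        /** Flip the switch of an already monitored permission; others are ignored. */
        void setSwitch(String permission, boolean on) {
            switches.replace(permission, on);
        }

        /** True only for a monitored permission whose switch is off. */
        boolean blocks(String permission) {
            return Boolean.FALSE.equals(switches.get(permission));
        }

        /** True if any permission in the service's list is monitored and switched off. */
        boolean blocksService(String service) {
            return servicePermissions.getOrDefault(service, List.of())
                    .stream().anyMatch(this::blocks);
        }
    }

    /** Interceptor: the role played by the Base Activity / Base Application class. */
    static class BaseContext extends ParentContext {
        private final PermissionJudge judge;
        BaseContext(PermissionJudge judge) { this.judge = judge; }

        // Plain super calls are used below: java.lang.reflect.Method.invoke() on an
        // overridden instance method dispatches virtually, back into this override.
        @Override
        int checkPermission(String permission, int pid, int uid) {
            if (judge.blocks(permission)) {
                return PERMISSION_DENIED;         // monitored and switched off
            }
            return super.checkPermission(permission, pid, uid);
        }

        @Override
        Object getSystemService(String name) {
            if (judge.blocksService(name)) {
                return null;                      // caller gets no service object
            }
            return super.getSystemService(name);
        }
    }

    public static void main(String[] args) {
        final String location = "android.permission.ACCESS_FINE_LOCATION";
        PermissionJudge judge = new PermissionJudge();
        judge.monitor("location", location);      // Context.LOCATION_SERVICE is "location"
        BaseContext ctx = new BaseContext(judge);
        int pid = 1234, uid = 10001;              // constructed caller identity
        System.out.println("switch off: " + ctx.checkPermission(location, pid, uid)
                + " / " + ctx.getSystemService("location"));
        System.out.println("unmonitored: "
                + ctx.checkPermission("android.permission.INTERNET", pid, uid));
        judge.setSwitch(location, true);
        System.out.println("switch on: " + ctx.checkPermission(location, pid, uid)
                + " / " + ctx.getSystemService("location"));
    }
}
```

The file runs directly with `java PermissionGateDemo.java` on Java 11 or later.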
A device for permission monitoring and management on the Android platform comprises an interceptor, a permission determiner and a parent method reflector. The interceptor intercepts the checkPermission(int pid) permission check method and the getSystemService(String name) system service method of Activity and Application; the permission determiner judges whether a permission is a monitored permission whose switch is off, and allows monitored services and their corresponding monitored permission lists to be added; the parent method reflector calls the parent class's method via reflection, skipping the interceptor, and returns the underlying system result to the caller.
Through permission control, this embodiment lets the APP owner better monitor and manage the use of third-party service permissions inside the APP and avoid the losses caused by permission abuse. It is simple to implement, requires little embedding in business code, and is highly customizable. Its application scenarios include:
(1) When the Android APP itself needs the location service, the permission can be switched on so that the call passes the permission check and the system service can be called to perform positioning; the switch is then turned off again and calls from other services are blocked. Otherwise, if a third-party service uses the location service without the user's knowledge, the permission check is intercepted and returns a not-allowed result. Third-party services generally stop calling the system service at that point; to cover those that do not, the system service call returns a NULL object so that it has no effect. This avoids the risk that the sensitive location permission escapes the developer's control and the user's location information is stolen. The approach is not limited to the location service: sensitive services such as the camera, microphone, SMS and contacts services can be monitored in the same way.
(2) Most third-party service SDKs on the market bring permissions with them when embedded in the APP. When such an SDK must be used but a permission is not necessary for it, the permission can be added to the monitoring list and kept switched off at all times, so that information leakage is avoided.
The foregoing shows and describes the general principles and broad features of the present invention and advantages thereof. It will be understood by those skilled in the art that the present invention is not limited to the embodiments described above, which are described in the specification and illustrated only to illustrate the principle of the present invention, but that various changes and modifications may be made therein without departing from the spirit and scope of the present invention, which fall within the scope of the invention as claimed. The scope of the invention is defined by the appended claims and equivalents thereof.
Claims (4)
1. A method for permission monitoring and management on the Android platform, characterized by comprising the following steps:
(1) Interceptor: by inheriting the Activity and Application classes, a Base class is customized for each, and all Activities and Applications used in the APP inherit from it; the checkPermission(int pid) permission check method and the getSystemService(String name) system service method of Activity and Application are overridden in order to intercept them;
(2) After interception, the interceptor hands the call to a permission determiner; the permission determiner allows monitored system services and their corresponding permission lists to be added in a user-defined manner, and sets permission and service monitoring switches to control use of the permissions and services;
(3) Permission judgment:
(a) Permission check (checkPermission()): if the permission being checked is a monitored permission and its permission switch is off, a no-permission state is returned directly to the caller and the operation ends; if the current state of;
(b) System service (getSystemService()): when a system service is requested, the corresponding permission list is obtained from the service name; if traversing the list finds a monitored permission whose switch is off, a Null object is returned directly to the caller, the call is not passed on, and the operation ends; otherwise, that is, if the permissions in the list are not monitored, or are monitored but their switches are on, the next step is executed directly;
(4) Call the parent class's permission check or system service:
(a) Permission check (checkPermission()): the methods of the Activity or Application subclasses are skipped directly via reflection, and the checkPermission() permission check method of their parent class ContextWrapper is called;
(b) System service (getSystemService()): the methods of the Activity or Application subclasses are skipped directly via reflection, and the getSystemService() system service method of their parent class ContextWrapper is called;
(5) The parent class's method is called via reflection, the result is returned to the caller, and the operation ends.
2. The method for permission monitoring and management on the Android platform according to claim 1, wherein the specific flow of the permission check is as follows: a permission check is initiated, and the permission is examined to judge whether it is a monitored permission; if it is not, the parent class's check method is called via reflection; if it is, whether the permission is allowed to be used is checked: if it is allowed, the parent class's check method is called via reflection, the system permission check is initiated, and the system's result is returned; if it is not allowed, a not-allowed result is returned and the operation ends.
3. The method for permission monitoring and management on the Android platform according to claim 1, wherein the specific flow of the system service is as follows: a system service is requested, the permission list is obtained from the system service name, and the permissions are examined to judge whether they are monitored permissions; if they are not, the parent class's system service method is called via reflection; if they are, whether the permission is allowed to be used is checked: if it is allowed, the parent class's system service method is called via reflection, the system service is obtained, and the system service is returned; if it is not allowed, a NULL service object is returned and the operation ends.
4. A device for permission monitoring and management on the Android platform, characterized by comprising an interceptor, a permission determiner and a parent method reflector, wherein the interceptor intercepts the checkPermission permission check method and the getSystemService(String name) system service method of Activity and Application; the permission determiner judges whether a permission is a monitored permission whose switch is off, and allows monitored services and their corresponding monitored permission lists to be added; the parent method reflector calls the parent class's method via reflection, skipping the interceptor, and returns the underlying system result to the caller.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111200914.9A CN113886854A (en) | 2021-10-14 | 2021-10-14 | Android platform based permission monitoring and managing method and device |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202111200914.9A CN113886854A (en) | 2021-10-14 | 2021-10-14 | Android platform based permission monitoring and managing method and device |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113886854A (en) | 2022-01-04 |
Family
ID=79002956
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202111200914.9A Pending CN113886854A (en) | 2021-10-14 | 2021-10-14 | Android platform based permission monitoring and managing method and device |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113886854A (en) |
Citations (5)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
WO2015055074A1 (en) * | 2013-10-17 | 2015-04-23 | 北京奇虎科技有限公司 | Method and device for dynamically loading and invoking program |
CN108170485A (en) * | 2016-12-05 | 2018-06-15 | 腾讯科技(深圳)有限公司 | A kind of plug-in loading method, device and mobile terminal |
CN108491216A (en) * | 2018-03-05 | 2018-09-04 | 北京指掌易科技有限公司 | A kind of method of android system unaware application installation upgrading |
CN112069523A (en) * | 2020-09-15 | 2020-12-11 | 北京值得买科技股份有限公司 | Android application based permission control method, device and equipment |
CN112199720A (en) * | 2020-10-12 | 2021-01-08 | 广州虎牙科技有限公司 | Authority monitoring processing method, device, computer equipment and medium |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||