CN114282261A - Fine-grained privacy policy and mobile application behavior consistency checking method - Google Patents
Fine-grained privacy policy and mobile application behavior consistency checking method Download PDFInfo
- Publication number
- CN114282261A CN114282261A CN202111509561.0A CN202111509561A CN114282261A CN 114282261 A CN114282261 A CN 114282261A CN 202111509561 A CN202111509561 A CN 202111509561A CN 114282261 A CN114282261 A CN 114282261A
- Authority
- CN
- China
- Prior art keywords
- data
- privacy policy
- user
- mobile application
- leakage
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
- 238000000034 method Methods 0.000 title claims abstract description 36
- 230000003068 static effect Effects 0.000 claims abstract description 10
- 238000007405 data analysis Methods 0.000 claims abstract description 4
- 238000004458 analytical method Methods 0.000 claims description 27
- 239000008186 active pharmaceutical agent Substances 0.000 claims description 9
- 238000013480 data collection Methods 0.000 claims description 6
- 238000003780 insertion Methods 0.000 claims description 5
- 230000037431 insertion Effects 0.000 claims description 5
- 238000012545 processing Methods 0.000 claims description 4
- 238000012986 modification Methods 0.000 claims description 3
- 230000004048 modification Effects 0.000 claims description 3
- 230000002452 interceptive effect Effects 0.000 claims description 2
- 230000006399 behavior Effects 0.000 abstract description 31
- 238000010586 diagram Methods 0.000 description 12
- 230000008569 process Effects 0.000 description 9
- 230000006870 function Effects 0.000 description 8
- 238000005206 flow analysis Methods 0.000 description 6
- 238000011160 research Methods 0.000 description 5
- 238000007781 pre-processing Methods 0.000 description 4
- 230000009471 action Effects 0.000 description 3
- 230000009193 crawling Effects 0.000 description 3
- 230000000694 effects Effects 0.000 description 3
- 238000001514 detection method Methods 0.000 description 2
- 238000013515 script Methods 0.000 description 2
- 238000012549 training Methods 0.000 description 2
- 230000004931 aggregating effect Effects 0.000 description 1
- 230000002457 bidirectional effect Effects 0.000 description 1
- 230000008859 change Effects 0.000 description 1
- 230000000295 complement effect Effects 0.000 description 1
- 238000012790 confirmation Methods 0.000 description 1
- 238000000605 extraction Methods 0.000 description 1
- 239000012634 fragment Substances 0.000 description 1
- 230000014509 gene expression Effects 0.000 description 1
- 238000003058 natural language processing Methods 0.000 description 1
- 230000000717 retained effect Effects 0.000 description 1
- 230000011218 segmentation Effects 0.000 description 1
Images
Landscapes
- Information Transfer Between Computers (AREA)
- Storage Device Security (AREA)
Abstract
The invention discloses a method for checking the consistency of a fine-grained privacy policy and a mobile application behavior, which comprises the following steps of 1, extracting and analyzing privacy policy key information of a mobile application program; step 2, using the static data flow to perform data analysis, and judging whether the data from a specific source finally flows to a specific terminal point by analyzing the flow direction of the data; step 3, inserting piles at the conditional judgment statement; and 4, searching a data stream from the graphical interface to the inserted position, judging whether the user can intervene in data leakage or not, and comparing the completed privacy policy of the privacy policy with the mobile application behavior consistency check level description. Compared with the prior art, the method and the device can judge whether the behaviors of the Android mobile application program and the privacy policy of the Android mobile application program are consistent or not, identify the privacy disclosure condition when the user uses the mobile application program, help the user to know the use condition of the mobile application program on data, and further protect the privacy data of the user to a greater extent.
Description
Technical Field
The invention relates to the field of software static analysis and natural language processing, in particular to a method for checking the consistency of a fine-grained privacy policy and a mobile application behavior.
Background
Mobile applications have become an integral part of people's lives today. While mobile applications have reached deep into the lives of people, there have been many privacy concerns that have been associated with studies indicating that privacy-sensitive information (such as device identifiers and geographic locations) is widely and continuously revealed. Privacy security is a long-standing open research challenge. Therefore, it is imperative that security issues addressing mobile application user privacy be addressed.
A privacy policy is a legally effective document that specifies a set of restrictions for an application in collecting user data. Which of the user's data can be collected, which can be shared with third parties, which can be used only by themselves, which can be used locally, and which data can be uploaded to the cloud, etc. are written in advance in the privacy policy. In recent years, research on privacy policies and application behavior consistency checks has increased, but most of the previous research has stayed on rough surfaces and has not conducted fine-grained research on privacy policies and actual behavior of mobile applications. How to judge whether to declare data leakage deep into details is a technical problem to be solved urgently.
Disclosure of Invention
The invention aims to provide a method for checking the consistency of a fine-grained privacy policy and a mobile application behavior, which is used for establishing a set of application behavior and privacy policy consistency checking scheme starting from the mobile application behavior and the privacy policy to find out the condition that the real behavior and the privacy policy statement go in and out, generating a corresponding consistency detection report for the mobile application, and finishing the identification of the privacy disclosure condition when a user uses the mobile application.
The invention is realized by the following technical scheme:
a method for checking the consistency of a fine-grained privacy policy and a mobile application behavior specifically comprises the following steps:
step 1, extracting and analyzing privacy policy key information of a mobile application program, wherein the privacy policy key information comprises the parts of speech and the dependency relationship of each word in each sentence identified by a named entity identification model, and then the dependency relationship of different words is analyzed; extracting key information including a sentence trunk and related modification components according to the dependency relationship of the words in the grammar tree, and further obtaining an information list declared in the privacy policy;
step 2, using the static data flow to carry out data analysis, and judging that the data from a specific source finally flows to a specific terminal point by analyzing the flow direction of the data; firstly, constructing a calling relation graph and a data flow graph according to the execution logic of a program, finding calling positions of all sensitive APIs, then tracking data flows from a series of end points to the front, and judging whether the data flows come from a specific source or not; finally, judging sensitive data leakage and judging whether a user can intervene in sensitive data leakage;
and 4, searching a data stream from the graphical interface to the inserted position, judging whether the user can intervene in data leakage or not, and comparing the completed privacy policy of the privacy policy with the mobile application behavior consistency check level description.
The step of judging the sensitive data leakage and judging whether the user can intervene in the sensitive data leakage in the step 2 further comprises the following processing:
step 2.1, judging whether sensitive data is leaked: defining a data source as a series of APIs for acquiring sensitive data, and emphatically defining operations which can cause information leakage, and if the operations exist, determining that the possibility of data leakage exists;
step 2.2, judging whether the user can intervene in data leakage: and defining a data source as a value of a graphical interface component, and defining a conditional judgment statement on a data flow path in the last step with emphasis, wherein if the data flow path exists, the operation of a user is considered to be capable of interfering in execution of a related statement of data leakage.
The step 4 of judging whether the user's selection can intervene in the data leakage further comprises the following processes:
when the application program provides the user with the selection, whether the logic for acquiring the leaked data according to the related attribute of the element on the graphical interface corresponding to the related selection on the graphical interface by the user is executed or not is judged, namely, the user is considered to be capable of performing the behavior of intervening data leakage when the data flow is inserted from the API for acquiring the attribute to the branch statement.
The step 4 of comparing the privacy policy completion privacy policy and the mobile application behavior consistency check level description further comprises the following processing:
dividing the description of a specific type of data collection behavior in the privacy policy into three levels, namely 1) no description; 2) collected upon user consent; 3) collecting;
similarly, leakage of particular data in mobile applications is classified into three levels: 1) no leakage is caused; 2) after the user permits, sending the data to the network; 3) and directly sending the data to the network without extra permission of the user.
Compared with the prior art, the method and the device can judge whether the behaviors of the Android mobile application program and the privacy policy of the Android mobile application program are consistent or not, identify the privacy disclosure condition when the user uses the mobile application program, help the user to know the use condition of the mobile application program on data, and further protect the privacy data of the user to a greater extent.
Drawings
FIG. 1 is a flowchart illustrating an overall method for checking the consistency of a fine-grained privacy policy and a mobile application behavior according to the present invention;
FIG. 2 is a diagram of a named entity recognition model;
FIG. 3 is a flowchart of text crawling in a privacy policy page according to an embodiment of the present invention;
FIG. 4 is a diagram of word dependency in text;
FIG. 5 is an android Activity lifecycle diagram;
FIG. 6 is a diagram of a situation where a branch statement does not affect data leakage;
FIG. 7 is a diagram of a branch statement affecting data leakage;
FIG. 8 is a code instrumentation analysis flow diagram;
FIG. 9 is an exemplary diagram of an OpenCamera privacy policy display page;
fig. 10 is an exemplary diagram of a result of text preprocessing of an OpenCamera privacy policy.
Detailed Description
The technical solution of the present invention is described in detail below with reference to the accompanying drawings and specific embodiments.
Fig. 1 is a flowchart of a method for checking the behavior consistency of a fine-grained privacy policy and a mobile application according to the present invention. The method mainly comprises four parts, namely firstly analyzing a privacy policy text of a mobile application program, then acquiring data actually used by the application program by using a static data stream analysis method on the basis of acquiring a data collection behavior described by the privacy policy text, further performing instrumentation on a conditional statement on an analyzed data stream path, searching a data stream from a graph interface value to an inserted function, and finally comparing whether the results of two data stream analyses are consistent with a data collection statement described in the privacy policy. The specific process is described as follows:
step 1, analyzing the privacy policy of the mobile application program, including two operations, namely named entity identification and key information extraction according to a syntax tree. The named entity recognition is the basis for analyzing sentence components, the named entity recognition model marks the part of speech of each word, identifies the part of speech of each word in each sentence, and analyzes the dependency relationship (generating a syntax tree) of different words to describe the relationship among different words. And extracting key information according to the grammar tree is to extract a sentence trunk and related modification components according to the dependency relationship of words in the grammar tree, and further obtain a list of information collection declared in the privacy policy. And according to the result of the named entity recognition, obtaining the part of speech and the dependency relationship of each word in the sentence. Each sentence can be described as a syntax tree with verbs as root nodes, with edges connecting two nodes, representing different dependencies.
And 2, performing data analysis by using the static data stream, which is the most critical step in the overall process, analyzing the flow direction of a series of data, and judging that the data from a specific source cannot finally flow to a specific end point. The static data stream analysis specifically comprises: firstly, constructing a call graph and a data flow graph according to the execution logic of a program, finding the call positions of all sensitive APIs, finally tracking the data flow from a series of end points to the front, and judging whether the data flow comes from a specific source. The analysis result is mainly divided into two parts, namely a process for judging sensitive data leakage and a process for judging whether a user can intervene in sensitive data leakage.
Step 2.1, judging whether sensitive data is leaked: defining a data source as a series of APIs for acquiring sensitive data, such as acquiring an address list, acquiring equipment ID, positioning and the like; emphasis is placed on defining operations that may lead to information leakage, such as sending data to a network, writing data to a file, etc. If such an operation exists, it is assumed that there is a possibility of data leakage.
Step 2.2, judging whether the user can intervene in data leakage: defining data sources as values of graphical interface components such as whether check boxes are checked, whether slide buttons are checked, and the like; and (4) defining a conditional judgment statement on the data flow path in the previous step. If such a data flow path exists, it is considered that the user's operation may intervene in the execution of the relevant statement of data leakage, i.e., the user may select whether to transmit data.
The data flow tracking in the invention is developed secondarily based on FlowDroid, and FlowDroid supports that a method call and a callback function are used as the starting point of the data flow and a method call is used as the end point. And analyzing whether a possible data flow exists or not by adopting a method of back tracking from the end point to the starting point.
When static data stream analysis is used to determine whether sensitive data is leaked, a starting point needs to be defined as a relevant method for acquiring sensitive data, such as reading an address book, acquiring an equipment ID, acquiring location information, and the like. An endpoint is defined as a method call for data leakage, such as sending to the network, writing to the input output stream, etc. When there is a path from the start point to the end point, it is considered that there is a data leak.
And 3, inserting piles at the conditional judgment statement, and completing the determination of pile inserting points and the insertion of the statement through the analysis of the smali byte codes. The smali byte code is an intermediate state between the source code and the binary file (dex file), and is obtained by decompiling the dex file, and can be compiled into the dex file according to the byte code, so that the xml file is an ideal instrumentation choice.
This step is complementary to step 2. In step 2, the condition judgment statement needs to be set as an end point. But most of the existing analysis methods only accept function calls as end points (i.e. data coming in as parameters). Therefore, the statement of function call needs to be added at the condition judgment, and the parameters and the conditions in the condition judgment statement are kept consistent. This allows the endpoint to be set as a function of the insertion to the same effect.
step 4.1, judging whether the user can intervene in the data leakage process:
when an application provides a selection to a user, the relevant selection must be embodied on a graphical interface. The associated attributes of the switches (e.g., check boxes, radio buttons, slide select buttons, etc.), pop-up dialog boxes, etc. on the graphical interface may represent selections provided to the user. When these attribute values are able to decide whether the logic that leaks data is executing, i.e. there is a flow of data from the API that gets the attributes to the insertion at the branch statement, it is considered that the user can intervene in the behavior of data leakage.
Step 4.2, comparing the consistency of the privacy policies:
the description of a specific type of data collection behavior in the privacy policy can be divided into three levels, 1) none; 2) collected upon user consent; 3) and (6) collecting. Likewise, in an application, there are three levels of leakage of particular data: 1) no leakage (unused data, or local use only); 2) after the user permits, sending the data to the network; 3) and directly sending the data to the network without extra permission of the user.
An inconsistency is considered to exist when the level of data leakage in the application is higher than the level described in the privacy policy. This may be prompted when an application uses a certain type of information in violation.
The specific embodiments of the present invention are described below:
crawling mobile application programs and corresponding privacy policy pages;
most of the related privacy policy texts exist on the webpage, so that privacy policy text preprocessing is required, irrelevant interference information is removed, and only effective information is reserved. The method mainly comprises the following pretreatment operations:
useless tags are deleted and only the text is retained. The garbage deleted from the web page includes: headers, footers, pictures, scripts, and text fragments that are too short (less than 5 words).
And aggregating the lists. When describing the list, each element in the list and the guide sentence of the list cannot form a single sentence with complete semantics, and the guide sentence and the entry need to be spliced. Two cases are considered here: when the entries are short, all the entries and the guide sentence are spliced to form a complete sentence; and when the entries are longer, splicing each entry with the guide sentence to form a series of sentences.
As shown in fig. 3, a text crawling flow diagram in a privacy policy page according to an embodiment of the present invention. The specific process comprises the following steps:
for the webpage, traversing the DOM tree by using BFS; determine whether the specific string includes: < header > < font > < script > < notscript > < layer > < image >? If yes, deleting the node, and if not, keeping the node; for the case of a reservation node, determine if div or p-tag is present? If not, returning to traversal, if yes, traversing all div or p labels of the lower layer directly containing the text, and judging whether the div or p labels are too short? If yes, deleting the node, and if not, keeping the node.
Named entity recognition adopts a method of word embedding, bidirectional LSTM network and random condition field (CRF) to construct a model. The bi-directional LSTM performs a classifier function, and classifies each word segmentation (Token) in the text sequence to obtain its labeled label. The situation that the attention of the LSTM to the direct relation of the result of the short distance is not enough, and the situation similar to 'preposition followed by noun with high probability' can occur in the natural language is improved. The influence of part-of-speech tagging errors on subsequent analysis in the privacy policy is fatal. In this case, a good result can be achieved by correcting the result by using a probabilistic model of CRF.
The invention adopts a pre-training model trained by using a space English news corpus, and on the basis, 400 linguistic data related to privacy strategies are added for enhanced training, so that the accuracy rate of 84% and the recall rate of 81% are achieved.
As shown in fig. 4, it is a word dependency diagram in text. The sentence can be parsed into a quadruple of shape (We, Collect, Email Address, If you register). In the quadruplet, two types of situations that semantic changes may occur need to be considered, and whether the words are fixed and the passive speech is dynamic or not is determined. In the case of negative words, the sentence semantics will change inversely, such as "collect" to "not collect". In the case of passive morphism, the subject and object of a sentence are exchanged. On the basis, keyword matching is only needed to be carried out on each element in the quadruple, and three information of whether behavior is collected, data type and whether a user agrees (intervenes) can be obtained. As shown in table 1, a four-tuple key matching table for privacy policy.
TABLE 1
One collection action in the privacy policy text may be described as a quadruple (body, data, collection action, and constraints (i.e., user consent or user selection; constraints refers to whether or not there is a condition that requires user consent, forming a constraint on an action.)) containing the following four pieces of information
As shown in Table 2, the start and end points of the data flow analysis for a data leak are defined.
TABLE 2
The same interface is adopted to acquire data due to the fact that call records, contact information, short messages and the like, and only different returned results are caused by different incoming parameters. For this situation, the present invention employs a local backward data flow tracing method, and when a specific interface call is found, the source of a specific parameter is traced backward, and the parameter is one of several constants predefined by the system, and by the value of the constant, which type of user data collection is specified.
When tracking whether the user's selection interferes with data leakage, the defined starting point is to acquire the switch value of the graphical interface, the confirmation condition of the pop-up window by the user, and the like. As shown in table 3, to track the start of the data stream when selected by the user. The end point is the statement of the defined stake.
TABLE 3
The Android application program is an executable file based on a Java virtual machine, so a static analysis method similar to Java can be adopted. The Android application program has its own lifecycle, which is an Android Activity lifecycle graph as shown in fig. 5, and a correct control flow graph can be obtained only by simulating a complete lifecycle. Other components of the Android application also register many callback functions and will be called at the appropriate time. The analysis tool in the invention simulates the complete life cycle of the Android application program and determines a series of possible entries.
In the process of data flow tracing, the invention firstly searches all possible data flow end points, performs backward tracing on the data flow from the end points, determines whether the starting point is from a predefined series of interfaces, and completes the analysis of data leakage by the method. In the tracking process, local control flow analysis is carried out on branch statements (jump statements) on the path, and whether both branches can reach a data leakage point or not is carried out. If all branches can reach the end of the data stream, as shown in fig. 6, the branch statement does not affect the data leakage. Wherein, it is considered that the branch statement does not interfere with data leakage, and in the case of fig. 6, no matter which execution path is selected by the program, the data leakage point will be reached finally, and the condition will not affect the data leakage; on the contrary, as shown in fig. 7, it is a diagram of a situation that a branch statement affects data leakage, in this case, only when the program selects the right-side execution path, it will cause data leakage when "condition 1" in fig. 7 is affected by the user selection, for example, the variable value is from the content input by the user, and it is considered that the user can intervene in the flow of data leakage.
And (3) code instrumentation is carried out at the branch statement, not all branch statements need to be subjected to code instrumentation, and instrumentation is carried out only at the branch statement which can interfere with data leakage, as shown in fig. 8, which is a code instrumentation analysis flow chart. Find branch statements on the path, determine if intervention is leaking? If so, calculate the local variable type of the incoming branch statement to determine the parameter type of the statement that needs to be inserted, and if there is more than one parameter number (a conditional predicate statement with 6 parameters in total and a conditional predicate statement with two parameters in 6 in smali) of the branch statement? If so, decomposing each condition and inserting piles respectively; and if not, pile inserting is carried out. The instrumentation selection is done at the smali bytecode. For a jump statement with two conditions, a corresponding code is inserted as an end point for each condition to ensure that a value from the graphical interface, which occurs in any part of the condition, can be detected. The purpose of the instrumentation is to facilitate taking the instrumented sentence as the end point of the data flow analysis, thereby performing data flow tracking. Therefore, supported rich-type statements should be selected in terms of selection of instrumented statements, and a method of reloading all built-in data types, and Object classes should be adopted as an end point.
The invention divides the privacy policy analysis result and the mobile application program analysis result into three levels. The results types are analyzed for privacy policy and application behavior as shown in table 4.
TABLE 4
When two inconsistent expressions appear in the same privacy policy, the one with the higher rank is selected in the second and third levels. When inconsistent data usage occurs in the same application, the lower ranked item is selected in the second and third levels.
When the analysis result level of the privacy policy for a certain type of data is higher than the mobile application analysis result level, it is considered that a case of non-compliance has occurred.
The invention researches the selection provided for the user in the privacy policy and the specific implementation condition of the selection in the application program, generates a corresponding consistency detection report for the mobile application program, and completes the consistency check of the privacy policy and the behavior of the mobile application program.
The method for checking the consistency of the behaviors of the mobile application and the fine-grained privacy policy based on the static data flow analysis is shown in a specific example. OpenCamera with code open source and download number more than 50,000,000 times in Google Play shop is selected as the analysis object. The following is a consistency analysis of the privacy policies and behaviors of OpenCamera.
Resolving privacy policies
All applications on Google Play need to provide links to privacy policies, and the privacy policy web page of OpenCamera can be obtained through Google Play store, as shown in fig. 9, which is an exemplary diagram of the OpenCamera privacy policy display page. After preprocessing, headers, footers, and pictures are deleted, lists are aggregated, text that is too short is filtered, and a collection of sentences can be harvested. As shown in fig. 10, an exemplary graph of the OpenCamera privacy policy text preprocessing result. As can be readily seen from fig. 10, the types of information involved are picture, location, personal information, bluetooth, etc., but it is involved in sending data and the subject is the current application, only location information and personal information. However, since there is a negative word in the sentence of the personal information, only the position information is collected. The term for collecting the location information includes "With your present" as a limitation, and requires the user's consent. I.e. the result of the privacy policy analysis, only the location information is collected and is ranked two.
Using the tools mentioned in the present invention for analysis, it was found that there are situations where position information is written to the input stream and that the statement is affected by a series of check box values. After reading the source code and analyzing the graphical interface, the check boxes are determined to be from a switch of 'whether to record GPS data', and when the switch is closed, the position information cannot be acquired. The concrete performance of the program is consistent with the result of the data flow analysis, and the feasibility and the accuracy of the data flow analysis are explained.
I.e., the result of the mobile application behavior analysis, only the location information is sent, and is level two.
And (4) comparing results and concluding: and comparing the analysis result of the privacy policy with the analysis result of the mobile application program behavior. Although OpenCamera applications use many types of data, there is really data leakage (sending to the network or writing to the input output stream) only the user's location information. The privacy policy is also declared for the location information of the user and will be used with the user's consent. It is determined from the results of the application behavior analysis that this data will indeed only be used with the user's consent. It can be concluded that the privacy policy and the actual behavior of the OpenCamera application are consistent.
Claims (4)
1. A method for checking the consistency of a fine-grained privacy policy and a mobile application behavior is characterized by specifically comprising the following steps:
step 1, extracting and analyzing privacy policy key information of a mobile application program, wherein the privacy policy key information comprises the parts of speech and the dependency relationship of each word in each sentence identified by a named entity identification model, and then the dependency relationship of different words is analyzed; extracting key information including a sentence trunk and related modification components according to the dependency relationship of the words in the grammar tree, and further obtaining an information list declared in the privacy policy;
step 2, using the static data flow to perform data analysis, and judging whether the data from a specific source finally flows to a specific terminal point by analyzing the flow direction of the data; firstly, constructing a calling relation graph and a data flow graph according to the execution logic of a program, finding calling positions of all sensitive APIs, then tracking data flows from a series of end points to the front, and judging whether the data flows come from a specific source or not; finally, judging sensitive data leakage and judging whether a user can intervene in sensitive data leakage;
step 3, inserting piles at the conditional judgment statement, so that the terminal point is set as an inserted function, and the determination of the pile inserting point and the insertion of the statement are completed through the analysis of the smali byte codes;
and 4, searching a data stream from the graphical interface to the inserted position, judging whether the user can intervene in data leakage or not, and comparing the completed privacy policy of the privacy policy with the mobile application behavior consistency check level description.
2. The fine-grained privacy policy and mobile application behavior consistency checking method according to claim 1, wherein the step of judging sensitive data leakage and judging whether a user can intervene in sensitive data leakage in the step 2 further comprises the following processing:
step 2.1, judging whether sensitive data is leaked: defining a data source as a series of APIs for acquiring sensitive data, and emphatically defining operations which can cause information leakage, and if the operations exist, determining that the possibility of data leakage exists;
step 2.2, judging whether the user can intervene in data leakage: and defining a data source as a value of a graphical interface component, and defining a conditional judgment statement on a data flow path in the last step with emphasis, wherein if the data flow path exists, the operation of a user is considered to be capable of interfering in execution of a related statement of data leakage.
3. The fine-grained privacy policy and mobile application behavior consistency checking method according to claim 1, wherein the step 4 of determining whether the user's selection can intervene in the data disclosure further comprises the following steps:
when the application program provides the user with the selection, whether the logic for acquiring the leaked data according to the related attribute of the element on the graphical interface corresponding to the related selection on the graphical interface by the user is executed or not is judged, namely, the user is considered to be capable of performing the behavior of intervening data leakage when the data flow is inserted from the API for acquiring the attribute to the branch statement.
4. The fine-grained privacy policy and mobile application behavior consistency check method according to claim 1, wherein the comparing the completed privacy policy and mobile application behavior consistency check level description of the privacy policy of step 4 further comprises the following processing:
dividing the description of a specific type of data collection behavior in the privacy policy into three levels, namely 1) no description; 2) collected upon user consent; 3) collecting;
similarly, leakage of particular data in mobile applications is classified into three levels: 1) no leakage is caused; 2) after the user permits, sending the data to the network; 3) and directly sending the data to the network without extra permission of the user.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111509561.0A CN114282261B (en) | 2021-12-10 | 2021-12-10 | Fine granularity privacy policy and mobile application behavior consistency checking method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202111509561.0A CN114282261B (en) | 2021-12-10 | 2021-12-10 | Fine granularity privacy policy and mobile application behavior consistency checking method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN114282261A true CN114282261A (en) | 2022-04-05 |
| CN114282261B CN114282261B (en) | 2024-07-02 |
Family
ID=80871751
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202111509561.0A Active CN114282261B (en) | 2021-12-10 | 2021-12-10 | Fine granularity privacy policy and mobile application behavior consistency checking method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114282261B (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117077133A (en) * | 2023-07-10 | 2023-11-17 | 南方科技大学 | Android malicious software detection method and device for coping with application face behavior |
Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102323906A (en) * | 2011-09-08 | 2012-01-18 | 哈尔滨工程大学 | MC/DC test data automatic generation method based on genetic algorithm |
| US20150242635A1 (en) * | 2014-02-27 | 2015-08-27 | Nec Laboratories America, Inc. | DuLeak: A Scalable App Engine for High-Impact Privacy Leaks |
| US20150332049A1 (en) * | 2014-05-15 | 2015-11-19 | Northwestern University | System and method for determining description-to-permission fidelity in mobile applications |
| CN106203113A (en) * | 2016-07-08 | 2016-12-07 | 西安电子科技大学 | The privacy leakage monitoring method of Android application file |
| CN107491387A (en) * | 2017-07-18 | 2017-12-19 | 中国人民解放军信息工程大学 | A kind of pass point of documentor and inspection independent positioning method and system |
| CN108171073A (en) * | 2017-12-06 | 2018-06-15 | 复旦大学 | A kind of private data recognition methods based on the parsing driving of code layer semanteme |
| CN110096895A (en) * | 2019-03-22 | 2019-08-06 | 西安电子科技大学 | Service privacy leakage detection method, Internet of Things service platform based on association map |
| US10430605B1 (en) * | 2018-11-29 | 2019-10-01 | LeapYear Technologies, Inc. | Differentially private database permissions system |
-
2021
- 2021-12-10 CN CN202111509561.0A patent/CN114282261B/en active Active
Patent Citations (8)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN102323906A (en) * | 2011-09-08 | 2012-01-18 | 哈尔滨工程大学 | MC/DC test data automatic generation method based on genetic algorithm |
| US20150242635A1 (en) * | 2014-02-27 | 2015-08-27 | Nec Laboratories America, Inc. | DuLeak: A Scalable App Engine for High-Impact Privacy Leaks |
| US20150332049A1 (en) * | 2014-05-15 | 2015-11-19 | Northwestern University | System and method for determining description-to-permission fidelity in mobile applications |
| CN106203113A (en) * | 2016-07-08 | 2016-12-07 | 西安电子科技大学 | The privacy leakage monitoring method of Android application file |
| CN107491387A (en) * | 2017-07-18 | 2017-12-19 | 中国人民解放军信息工程大学 | A kind of pass point of documentor and inspection independent positioning method and system |
| CN108171073A (en) * | 2017-12-06 | 2018-06-15 | 复旦大学 | A kind of private data recognition methods based on the parsing driving of code layer semanteme |
| US10430605B1 (en) * | 2018-11-29 | 2019-10-01 | LeapYear Technologies, Inc. | Differentially private database permissions system |
| CN110096895A (en) * | 2019-03-22 | 2019-08-06 | 西安电子科技大学 | Service privacy leakage detection method, Internet of Things service platform based on association map |
Non-Patent Citations (1)
| Title |
|---|
| 赵静;: "基于Android平台的隐私泄漏静态检测工具分析", 电子测试, no. 21, 5 November 2018 (2018-11-05) * |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN117077133A (en) * | 2023-07-10 | 2023-11-17 | 南方科技大学 | Android malicious software detection method and device for coping with application face behavior |
Also Published As
| Publication number | Publication date |
|---|---|
| CN114282261B (en) | 2024-07-02 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN108171073B (en) | Private data identification method based on code layer semantic parsing drive | |
| CN110688307B (en) | JavaScript code detection method, device, equipment and storage medium | |
| US11256502B2 (en) | Automatic generation of documentation and aggregation of community content | |
| RU2610241C2 (en) | Method and system for text synthesis based on information extracted as rdf-graph using templates | |
| US20200356363A1 (en) | Methods and systems for automatically generating documentation for software | |
| US8359307B2 (en) | Method and apparatus for building sales tools by mining data from websites | |
| CN109146625B (en) | Content-based multi-version App update evaluation method and system | |
| CN111783016A (en) | Website classification method, device and equipment | |
| CN116406459A (en) | Code processing method, device, equipment and medium | |
| Hosseini et al. | Analyzing privacy policies through syntax-driven semantic analysis of information types | |
| US20240069907A1 (en) | Software development context history operations | |
| CN113419721B (en) | Web-based expression editing method, device, equipment and storage medium | |
| CN114282261B (en) | Fine granularity privacy policy and mobile application behavior consistency checking method | |
| CN113778852A (en) | Code analysis method based on regular expression | |
| CN110674033B (en) | Method, device, equipment and storage medium for processing code | |
| CN109558580B (en) | Text analysis method and device | |
| CN113435950B (en) | Bill processing method and device | |
| Rahman et al. | An improved method level bug localization approach using minimized code space | |
| CN114895914A (en) | Log output code generation method and device, electronic equipment and storage medium | |
| Jain et al. | Pact: Detecting and classifying privacy behavior of android applications | |
| Weyssow et al. | Combining code embedding with static analysis for function-call completion | |
| Kuang et al. | Suggesting method names based on graph neural network with salient information modelling | |
| CN110618809B (en) | Front-end webpage input constraint extraction method and device | |
| Feichtner et al. | Code between the lines: semantic analysis of android applications | |
| CN118194277B (en) | Privacy behavior consistency analysis method, device and medium based on APP usage scene |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant |