CN114416480A - Method for monitoring API call related to android application privacy - Google Patents


Info

Publication number
CN114416480A
Authority
CN
China
Prior art keywords
privacy
monitoring
calling
monitor
api
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210035215.1A
Other languages
Chinese (zh)
Inventor
王锐旭
张辉
徐崇阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangzhou Joiway Information Technology Co ltd
Original Assignee
Guangzhou Joiway Information Technology Co ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangzhou Joiway Information Technology Co ltd
Priority to CN202210035215.1A
Publication of CN114416480A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/301 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system is a virtual computing platform, e.g. logically partitioned systems
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3003 Monitoring arrangements specially adapted to the computing system or computing system component being monitored
    • G06F11/302 Monitoring arrangements specially adapted to the computing system or computing system component being monitored where the computing system component is a software system
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00 Error detection; Error correction; Monitoring
    • G06F11/30 Monitoring
    • G06F11/3065 Monitoring arrangements determined by the means or processing involved in reporting the monitored data
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00 Arrangements for program control, e.g. control units
    • G06F9/06 Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44 Arrangements for executing specific programs
    • G06F9/455 Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533 Hypervisors; Virtual machine monitors
    • G06F9/45558 Hypervisor-specific management and integration aspects
    • G06F2009/45591 Monitoring or debugging support

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Quality & Reliability (AREA)
  • Software Systems (AREA)
  • Mathematical Physics (AREA)
  • Debugging And Monitoring (AREA)

Abstract

A method for monitoring API calls related to Android application privacy comprises the following steps: first, installing Xposed, the virtual environment required by the Hook technique; second, creating a monitor, which globally monitors calls to user-privacy-related APIs in the Android system and outputs the corresponding call logs; third, starting the monitor and globally monitoring calls to privacy-permission methods; fourth, analyzing the environment log and determining whether a privacy permission has been called. By means of the Hook technique, every call to a user-privacy-related API can be captured and detailed call stack information is printed, so the developer can quickly and accurately locate the root of the problem and carry out the related rectification to protect user privacy.

Description

Method for monitoring API call related to android application privacy
Technical Field
The invention relates to the field of Android development security, and in particular to a method, based on the Hook technique, for monitoring API (application program interface) calls related to Android application privacy.
Background
The Android system provides developers with a number of methods for obtaining information about the device, such as the queryIntentActivitiesAsUser method of the ApplicationPackageManager class, which obtains the list of applications installed on the device, and the getHardwareAddress method of the NetworkInterface class, which obtains the device MAC address. These methods touch on user privacy, so they should be called only as needed and with the user informed. For ease of description, such methods are collectively referred to below as "user privacy related APIs".
When developing an application, an Android developer needs to integrate a number of third-party libraries in order to iterate quickly. Introducing third-party libraries also brings the problem that user privacy related APIs are called without the developer's knowledge. According to the relevant regulations, before a user who has installed an application for the first time accepts the privacy policy, the application must not call any user privacy related API, and it must not call user privacy related APIs excessively while the application is in use. How to monitor this is a problem worth exploring.
At present, developers mainly rely on Android system logs to check whether a third-party library accesses sensitive user information. This approach can identify the calling behavior of some third-party libraries, but it has shortcomings: when no log is printed, or when the call is made through unconventional means such as reflection, the calling behavior cannot be effectively identified.
Disclosure of Invention
To address the defects and shortcomings of the prior art, the invention provides a method, based on the Hook technique, for monitoring calls to APIs related to Android application privacy. It helps Android developers monitor third-party library calls to user privacy related APIs more accurately, safeguards the user's right to privacy, and avoids the related security risks for the developer and the developer's company.
To achieve this purpose, the invention adopts the following technical scheme, which comprises these steps:
first, installing Xposed, the virtual environment required by the Hook technique;
second, creating a monitor; the monitor globally monitors calls to user privacy related APIs in the Android system and outputs the corresponding call logs;
third, starting the monitor and globally monitoring calls to privacy-permission methods;
and fourth, analyzing the environment log and determining whether a privacy permission has been called.
Further, in step one, the Xposed environment provides a Zygote process that has already been hooked; within the Xposed environment a target method can be hooked, and callbacks are received before and after the method call.
Further, the Hook environment uses the open-source Xposed framework.
Further, in step two a monitor SecretMonitor is created that implements the IXposedHookLoadPackage interface and its handleLoadPackage method; the user privacy related APIs are hooked in the handleLoadPackage method; when these APIs are called by a third-party library, the corresponding callbacks are received.
Further, in step three, after the monitor App is running, the application under test is started and the relevant test operations are performed.
Further, in step four the Xposed framework log is analyzed: when the log line "calling queryIntentActivitiesAsUser() to obtain the application list" is printed, the application under test has called the queryIntentActivitiesAsUser() method and read the user's privacy permission, and the problem can be analyzed and resolved according to the specific stack log.
With this scheme, the invention has the following beneficial effects: with the method for monitoring API calls related to Android application privacy, every call to a user privacy related API can be captured by means of the Hook technique, and detailed call stack information is printed; the developer can quickly and accurately locate the root of the problem and carry out the related rectification to protect user privacy.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions in the prior art, the drawings used in the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present invention, and for those skilled in the art, other drawings can be obtained according to these drawings without creative efforts.
FIG. 1 is a flow chart of the present invention;
FIG. 2 is a block diagram of the overall structure of the present invention.
Detailed Description
The invention will be further described with reference to the accompanying drawings.
Referring to FIGS. 1-2, an embodiment comprises the following steps:
first, installing Xposed, the virtual environment required by the Hook technique; the Hook environment uses the open-source Xposed framework, which provides the Hook runtime environment for the invention; the Xposed environment provides a Zygote process that has already been hooked, and within the Xposed environment a target method can be hooked and callbacks are received before and after the method call;
second, creating a monitor; the monitor globally monitors calls to user privacy related APIs in the Android system and outputs the corresponding call logs; specifically:
a monitor SecretMonitor is created that implements the IXposedHookLoadPackage interface and its handleLoadPackage method; the user privacy related APIs are hooked in the handleLoadPackage method; when these APIs are called by a third-party library, the corresponding callbacks are received:
[Figures BDA0003466498990000031, BDA0003466498990000041 and BDA0003466498990000051: listing images, not reproduced in this text]
The step above shows hooking the queryIntentActivitiesAsUser method of the ApplicationPackageManager class.
Third, starting the monitor and globally monitoring calls to privacy-permission methods: after the monitor App is running, the application under test is started and the relevant test operations are performed;
fourth, analyzing the environment log and determining whether a privacy permission has been called: the Xposed framework log is analyzed, and when the log line "calling queryIntentActivitiesAsUser() to obtain the application list" is printed, the application under test has called the queryIntentActivitiesAsUser() method and read the user's privacy permission; the problem is then analyzed and resolved according to the specific stack log.
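The listing for step two is not reproduced on this page, so the following is an added sketch of such a monitor, written for this text and not the patent's own code. It uses the public Xposed API; the package names, `TARGET_PACKAGE`, `SKIPPED_PREFIXES`, the `hookAll` and `firstAppFrame` helpers and the exact log wording are assumptions made for illustration.

```java
package com.example.secretmonitor; // hypothetical package name

import android.util.Log;
import de.robv.android.xposed.IXposedHookLoadPackage;
import de.robv.android.xposed.XC_MethodHook;
import de.robv.android.xposed.XposedBridge;
import de.robv.android.xposed.XposedHelpers;
import de.robv.android.xposed.callbacks.XC_LoadPackage.LoadPackageParam;

public class SecretMonitor implements IXposedHookLoadPackage {
    // Assumption: package name of the application under test; replace with the real one.
    private static final String TARGET_PACKAGE = "com.example.app.under.test";

    // Frames with these prefixes are framework or hook plumbing, not the caller to attribute.
    private static final String[] SKIPPED_PREFIXES = {
        "de.robv.android.xposed.", "android.", "com.android.",
        "java.", "javax.", "dalvik.", "libcore.", "sun."
    };

    @Override
    public void handleLoadPackage(LoadPackageParam lpparam) {
        if (!TARGET_PACKAGE.equals(lpparam.packageName)) return; // audit one app only
        // The two APIs named in the Background section; extend the list as needed.
        hookAll("android.app.ApplicationPackageManager", "queryIntentActivitiesAsUser",
                "obtain the application list", lpparam.classLoader);
        hookAll("java.net.NetworkInterface", "getHardwareAddress",
                "obtain the device MAC address", lpparam.classLoader);
    }

    private static void hookAll(String className, final String method,
                                final String purpose, ClassLoader loader) {
        try {
            Class<?> clazz = XposedHelpers.findClass(className, loader);
            // Hooking every overload avoids depending on one Android version's signature.
            XposedBridge.hookAllMethods(clazz, method, new XC_MethodHook() {
                @Override
                protected void beforeHookedMethod(MethodHookParam param) {
                    Throwable trace = new Throwable();
                    XposedBridge.log("SecretMonitor: calling " + method + "() to " + purpose
                            + "; first non-framework caller: " + firstAppFrame(trace)
                            + "\n" + Log.getStackTraceString(trace));
                }
            });
        } catch (Throwable t) { // findClass throws an Error when the class is missing
            XposedBridge.log("SecretMonitor: could not hook " + className + "." + method + ": " + t);
        }
    }

    // Reflective calls are attributed too: java.lang.reflect frames are skipped like any framework frame.
    static String firstAppFrame(Throwable trace) {
        for (StackTraceElement frame : trace.getStackTrace()) {
            String cls = frame.getClassName();
            boolean skipped = cls.startsWith(SecretMonitor.class.getName());
            for (String prefix : SKIPPED_PREFIXES) skipped |= cls.startsWith(prefix);
            if (!skipped) return frame.toString();
        }
        return "<none>";
    }
}
```

The class must be listed in the module's `assets/xposed_init` file; Xposed implementations that insert their own trampoline frames may need extra entries in `SKIPPED_PREFIXES`.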
The invention can be applied in the following scenarios:
Application scenario 1: before an Android application is published to an app store, it can be checked with this method. When a third-party library calls a user privacy related API without the developer's knowledge, the relevant stack information is printed, and from the log the developer can determine exactly which third-party library made the call and when the user's private information was obtained, and then carry out the related rectification.
Application scenario 2: on receiving an Android application rectification notice from the Ministry of Industry and Information Technology, the Cyberspace Administration or similar authorities, the method makes it possible to quickly and accurately locate where the user privacy related APIs are called, which greatly improves rectification efficiency.
The above description only illustrates the technical solutions of the present invention and does not limit them; other modifications or equivalent substitutions made by those skilled in the art to the technical solutions of the present invention, without departing from their spirit and scope, shall be covered by the scope of the claims of the present invention.

Claims (6)

1. A method for monitoring API calls related to Android application privacy, characterized by comprising the following steps:
first, installing Xposed, the virtual environment required by the Hook technique;
second, creating a monitor; the monitor globally monitors calls to user privacy related APIs in the Android system and outputs the corresponding call logs;
third, starting the monitor and globally monitoring calls to privacy-permission methods;
and fourth, analyzing the environment log and determining whether a privacy permission has been called.
2. The method as claimed in claim 1, wherein in step one the Xposed environment provides a Zygote process that has already been hooked, and within the Xposed environment a target method can be hooked and callbacks are received before and after the method call.
3. The method for monitoring API calls related to Android application privacy as claimed in claim 1 or 2, wherein the Hook environment uses the open-source Xposed framework.
4. The method for monitoring API calls related to Android application privacy as claimed in claim 1, wherein in step two a monitor SecretMonitor is created that implements the IXposedHookLoadPackage interface and its handleLoadPackage method; the user privacy related APIs are hooked in the handleLoadPackage method; when these APIs are called by a third-party library, the corresponding callbacks are received.
5. The method for monitoring API calls related to Android application privacy as claimed in claim 1, wherein in step three, after the monitor App is running, the application under test is started and the relevant test operations are performed.
6. The method for monitoring API (application program interface) calls related to Android application privacy as claimed in claim 1, characterized in that in step four the Xposed framework log is analyzed, and when the log line "calling queryIntentActivitiesAsUser() to obtain the application list" is printed, the application under test has called the queryIntentActivitiesAsUser() method and read the user's privacy permission, and the problem can be analyzed and resolved according to the specific stack log.
CN202210035215.1A 2022-01-12 2022-01-12 Method for monitoring API call related to android application privacy Pending CN114416480A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210035215.1A CN114416480A (en) 2022-01-12 2022-01-12 Method for monitoring API call related to android application privacy

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210035215.1A CN114416480A (en) 2022-01-12 2022-01-12 Method for monitoring API call related to android application privacy

Publications (1)

Publication Number Publication Date
CN114416480A true CN114416480A (en) 2022-04-29

Family

ID=81273280

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210035215.1A Pending CN114416480A (en) 2022-01-12 2022-01-12 Method for monitoring API call related to android application privacy

Country Status (1)

Country Link
CN (1) CN114416480A (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108491729A (en) * 2018-02-26 2018-09-04 挖财网络技术有限公司 The method and device of dynamic protection privacy of user in Android system
CN109241731A (en) * 2018-09-11 2019-01-18 厦门市美亚柏科信息股份有限公司 A kind of method for protecting privacy based on virtual application, device and storage medium
CN110727952A (en) * 2019-08-30 2020-01-24 国家计算机网络与信息安全管理中心 Privacy collection and identification method for third-party library of mobile application program

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
拖地先生: "Android隐私API合规策略及检测方法", pages 1 - 13, Retrieved from the Internet <URL:https://mp.weixin.qq.com/s/8i4nHCrrke-q5yBlM9tLyA#at> *

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20220429