CN114417310A - Application violation feedback method and device, electronic equipment and storage medium - Google Patents

Application violation feedback method and device, electronic equipment and storage medium Download PDF

Info

Publication number
CN114417310A
CN114417310A CN202210075047.9A CN202210075047A CN114417310A CN 114417310 A CN114417310 A CN 114417310A CN 202210075047 A CN202210075047 A CN 202210075047A CN 114417310 A CN114417310 A CN 114417310A
Authority
CN
China
Prior art keywords
privacy policy
violation
application program
application
item
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Withdrawn
Application number
CN202210075047.9A
Other languages
Chinese (zh)
Inventor
丁聪霜
吴国华
吴中华
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Individual
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual filed Critical Individual
Priority to CN202210075047.9A priority Critical patent/CN114417310A/en
Publication of CN114417310A publication Critical patent/CN114417310A/en
Withdrawn legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/30Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/44Program or device authentication
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Medical Informatics (AREA)
  • Databases & Information Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The application relates to the field of computer software, in particular to an application violation feedback method, an application violation feedback device, electronic equipment and a storage medium, wherein the method comprises the following steps: obtaining a privacy policy of at least one application program, wherein the application program comprises an application program installed in a terminal device; judging whether the clause items of the privacy policy of the at least one application program are in compliance, and determining the non-compliance clause items as violation items; determining weight information of the violation item, wherein the weight information of the violation item comprises weight information of the violation item occupying privacy policy of an application program to which the violation item belongs; and returning the violation item and the weight information of the violation item. The method and the device are convenient for users to know the illegal contents in the privacy policy of the application program.

Description

Application violation feedback method and device, electronic equipment and storage medium
Technical Field
The present application relates to the field of computer software, and in particular, to a method and an apparatus for feedback of violation of application program, an electronic device, and a storage medium.
Background
With the rapid development of internet technology, the number and kinds of APPs (applications) are increasing. The application program can bring convenience to users, and meanwhile, the application program also collects a large amount of personal information. When a user logs in or registers the application program for the first time, the terminal equipment prompts the user to read the privacy policy of the application program.
Research has shown that most users do not read the privacy policy carefully but rather click directly to agree to the privacy policy in order to save time when using applications. When the privacy policy of the application program contains the content of illegally collected personal information, the user is not informed, and the personal information is leaked.
In the process of implementing the present application, the inventor finds that how to facilitate users to know the content of violations in the privacy policy of the application becomes a key issue.
Disclosure of Invention
In order to facilitate users to know violation content in an application privacy policy, the application violation feedback method and device, the electronic device and the storage medium are provided.
In a first aspect, the application violation feedback method provided by the present application adopts the following technical scheme:
an application violation feedback method, comprising:
obtaining a privacy policy of at least one application program, wherein the application program comprises an application program installed in a terminal device;
judging whether the clause items of the privacy policy of the at least one application program are in compliance, and determining the non-compliance clause items as violation items;
determining weight information of the violation item, wherein the weight information of the violation item comprises weight information of the violation item occupying privacy policy of an application program to which the violation item belongs;
and returning the violation item and the weight information of the violation item.
By adopting the technical scheme, the privacy policy of at least one application program installed in the terminal equipment can be obtained, the privacy policy of the application program is analyzed, whether the clause items of the privacy policy are in compliance or not is judged, all illegal items can be determined, the weight of the illegal items in the privacy policy of the application program to which the illegal items belong is determined, the weight information of the illegal items is determined, and the illegal items and the weight information of the illegal items are returned. Therefore, when the user does not carefully check the privacy policy, and the illegal item exists in the privacy policy, the user can be reminded, and therefore the user can know the illegal content in the privacy policy of the application program conveniently.
In another possible implementation manner, the obtaining of the privacy policy of the at least one application includes:
determining a download source of at least one application program;
determining an application program meeting a first preset condition based on a download source of the at least one application program, wherein the application program meeting the first preset condition is an application program which does not belong to the terminal equipment;
and acquiring the privacy policy of the application program meeting the first preset condition.
By adopting the technical scheme, the application program meeting the first preset condition can be determined based on the downloading source of the application program, the application program for acquiring the privacy policy is preliminarily screened, the privacy policy of the application program carried by the terminal equipment is not processed, and only the privacy policy of the application program not carried by the terminal equipment is acquired, so that the calculation amount for processing the privacy policy can be reduced.
In another possible implementation manner, the obtaining of the privacy policy of any application includes at least one of the following:
when a privacy policy checking instruction triggered by a user is detected, a privacy policy displayed by the terminal equipment is obtained;
sending a privacy policy acquisition request to a server corresponding to any application program, and receiving a privacy policy returned by the server corresponding to any application program;
and when the confirmation operation for acquiring the privacy policy instruction by the simulation user is detected, acquiring the privacy policy of any application program, wherein the privacy policy instruction acquired by the simulation user carries the information of the application program of which the privacy policy is to be acquired.
By adopting the technical scheme, the privacy policy displayed by the terminal equipment when the user checks the privacy policy is obtained, or the privacy policy returned by the server corresponding to the application program is received, or a simulated privacy policy obtaining instruction is sent to the user, and the privacy policy is obtained through the various modes, so that whether the violation items exist in the privacy policy of the application program is further conveniently determined.
In another possible implementation manner, the determining whether the term item of the privacy policy of any application program is compliant includes:
acquiring a compliance privacy policy library, wherein the compliance privacy policy library comprises at least one item of compliance privacy policy content;
respectively inputting at least one item of compliant privacy policy content in the compliant privacy policy library and a privacy policy of any application program into a pre-trained model to obtain a plurality of first preset sentence vectors and a plurality of second preset sentence vectors, wherein the first preset sentence vectors comprise the sentence vectors of the at least one item of compliant privacy policy content, and the second preset sentence vectors comprise the privacy policy sentence vectors of any application program;
determining each included angle value corresponding to each second preset sentence vector and each first preset sentence vector;
if the included angle values are smaller than the preset included angle values, judging that the clause items of the privacy policy of any application program are not in compliance;
wherein the determining of the non-compliant clause item as a violation item comprises:
and determining a second preset sentence vector corresponding to the current included angle values smaller than the preset included angle values, and determining a clause item corresponding to the second preset sentence vector as an illegal item.
By adopting the technical scheme, the first preset sentence vector of the content of the compliance privacy policy is determined, the second preset sentence vector of the application program is determined, the included angle value between the first preset sentence vector and the second preset sentence vector is determined, and the matching degree of the privacy policy entry of the application program and the content of the compliance privacy policy is judged by judging the included angle value between the first preset sentence vector and the second preset sentence vector, so that whether the privacy policy entry of the application program is in compliance or not is judged, and the result of determining the illegal entry is accurate.
In another possible implementation manner, the obtaining of the compliance privacy policy library includes:
determining category information corresponding to any application program;
determining a compliant privacy policy repository that matches the category information corresponding to the any application.
By adopting the technical scheme, the category information of the application program is determined firstly, the compliance privacy policy base matched with the category information of the application program is determined from all the compliance privacy policy bases, so that the privacy policy of the application program is compared with the content of the compliance privacy policy of the corresponding category in a targeted manner, the comparison between the privacy policy and the compliance privacy policy base with small correlation is reduced, the calculated amount is reduced, further, the privacy policy corresponding to the application program is matched with the compliance privacy policy base corresponding to the type to determine the illegal item, and the accuracy of determining the illegal item can be improved.
In another possible implementation manner, the obtaining of the privacy policy of the at least one application includes at least one of:
when the permission refusing operation triggered by the user is detected, the privacy policy of at least one application program is obtained;
when a privacy policy viewing operation triggered by a user is detected, at least one application privacy policy is obtained.
By adopting the technical scheme, when the user triggers to reject a certain right or the user checks the privacy policy, the possibility of violation items existing in the privacy policy is high, and the privacy policy of the application program is acquired, so that two occasions for detecting whether the violation policy exists in the privacy item of the application program are provided, the violation item detection is carried out in the two occasions, and the possibility of detecting the violation items can be increased.
In another possible implementation manner, the determining whether the term item of the privacy policy of the at least one application is compliant includes:
acquiring a past violation item and determining the number of times that the past violation item is determined as the violation item, wherein the past violation item comprises at least one item of money with history of being determined as the violation item;
determining the past violation items meeting a second preset condition as key violation entry items, wherein the number of the past violation entry items meeting the second preset condition, which are determined as violation items, is greater than a preset number;
and preferentially judging whether the key violation clauses are in compliance.
By adopting the technical scheme, the number of times of violation items determined as the number of times of violation items is compared with the preset number of times according to the history of the violation items, so that the violation items determined as the number of times of violation items are determined, the violation items meeting the condition that the number of times of violation items is greater than the preset number of times are determined as key violation items, and when the condition items of the privacy policy are judged to be in compliance, whether key violation items are in compliance is judged preferentially, so that the efficiency of detecting the violation items is improved.
In a second aspect, the present application provides an apparatus for feedback of violation of application program, which adopts the following technical solution:
an application violation feedback device comprising:
the terminal device comprises an acquisition module, a privacy policy module and a privacy policy module, wherein the acquisition module is used for acquiring the privacy policy of at least one application program, and the application program comprises the application program installed in the terminal device;
the judging module is used for judging whether the clause items of the privacy policy of the at least one application program are in compliance;
a first determining module, configured to determine an out-of-compliance clause item as an offending item;
the second determining module is used for determining the weight information of the violation item, and the weight information of the violation item comprises the weight information of the violation item occupying the privacy policy of the application program to which the violation item belongs;
and the returning module is used for returning the violation item and the weight information of the violation item.
By adopting the technical scheme, the acquisition module can acquire the privacy policy of at least one application program installed in the terminal equipment, the privacy policy of the application program is analyzed, the judgment module judges whether the clause items of the privacy policy are in compliance, therefore, the first determination module can determine all illegal items, the second determination module determines the weight of the illegal items in the privacy policy of the application program to which the illegal items belong, the weight information of the illegal items is determined, the weight information of the illegal items and the weight information of the illegal items are returned, when the user does not carefully check the privacy policy, when the illegal items exist in the privacy policy, the user can be reminded, and therefore, the user can conveniently know the illegal contents in the privacy policy of the application program.
In another possible implementation manner, the obtaining module, when obtaining the privacy policy of at least one application, is specifically configured to:
determining a download source of at least one application program;
determining an application program meeting a first preset condition based on a download source of the at least one application program, wherein the application program meeting the first preset condition is an application program which does not belong to the terminal equipment;
and acquiring the privacy policy of the application program meeting the first preset condition.
In another possible implementation manner, the obtaining module is specifically configured to, when obtaining the privacy policy of the at least one application program, at least one of:
when a privacy policy checking instruction triggered by a user is detected, a privacy policy displayed by the terminal equipment is obtained;
sending a privacy policy acquisition request to a server corresponding to any application program, and receiving a privacy policy returned by the server corresponding to any application program;
and when the confirmation operation for acquiring the privacy policy instruction by the simulation user is detected, acquiring the privacy policy of any application program, wherein the privacy policy instruction acquired by the simulation user carries the information of the application program of which the privacy policy is to be acquired.
In another possible implementation manner, the determining module, when determining whether a term item of the privacy policy of any application is compliant, is specifically configured to:
acquiring a compliance privacy policy library, wherein the compliance privacy policy library comprises at least one item of compliance privacy policy content;
respectively inputting at least one item of compliant privacy policy content in the compliant privacy policy library and a privacy policy of any application program into a pre-trained model to obtain a plurality of first preset sentence vectors and a plurality of second preset sentence vectors, wherein the first preset sentence vectors comprise the sentence vectors of the at least one item of compliant privacy policy content, and the second preset sentence vectors comprise the privacy policy sentence vectors of any application program;
determining each included angle value corresponding to each second preset sentence vector and each first preset sentence vector;
and if the included angle values are smaller than the preset included angle value, determining that the clause items of the privacy policy of any application program are not in compliance.
In another possible implementation manner, when determining the non-compliant clause item as the violation item, the first determining module is specifically configured to:
and determining a second preset sentence vector corresponding to the current included angle values smaller than the preset included angle values, and determining a clause item corresponding to the second preset sentence vector as an illegal item.
In another possible implementation manner, when the determining module obtains the compliance privacy policy repository, the determining module is specifically configured to:
determining category information corresponding to any application program;
determining a compliant privacy policy repository that matches the category information corresponding to the any application.
In another possible implementation manner, the obtaining module is specifically configured to, when obtaining the privacy policy of the at least one application program, at least one of:
when the permission refusing operation triggered by the user is detected, the privacy policy of at least one application program is obtained;
when a privacy policy viewing operation triggered by a user is detected, at least one application privacy policy is obtained.
In another possible implementation manner, the determining module, when determining whether a term item of the privacy policy of the at least one application is compliant, is specifically configured to:
acquiring a past violation item and determining the number of times that the past violation item is determined as the violation item, wherein the past violation item comprises at least one item of money with history of being determined as the violation item;
determining the past violation items meeting a second preset condition as key violation entry items, wherein the number of the past violation entry items meeting the second preset condition, which are determined as violation items, is greater than a preset number;
and preferentially judging whether the key violation clauses are in compliance.
In a third aspect, the present application provides an electronic device, which adopts the following technical solutions:
an electronic device, comprising:
at least one processor;
a memory;
at least one application, wherein the at least one application is stored in the memory and configured to be executed by the at least one processor, the at least one program configured to: an application violation feedback method according to any one of the possible implementations of the first aspect is performed.
In a fourth aspect, the present application provides a computer-readable storage medium, which adopts the following technical solutions:
a computer-readable storage medium, comprising: a computer program is stored which can be loaded by a processor and which implements an application violation feedback method as shown in any one of the possible implementations of the first aspect.
In summary, the present application includes at least one of the following beneficial technical effects:
1. the method comprises the steps that the privacy policy of at least one application installed in the terminal equipment can be obtained, the privacy policy of the application is analyzed, whether the clause items of the privacy policy are in compliance or not is judged, all illegal items can be determined, the weight of the illegal items in the privacy policy of the application to which the illegal items belong is determined, the weight information of the illegal items and the weight information of the illegal items are returned, when the user does not carefully check the privacy policy, the user can be reminded when the illegal items exist in the privacy policy, and therefore the user can know the illegal contents in the privacy policy of the application conveniently;
2. the method comprises the steps of firstly determining the category information of the application program, and determining the compliance privacy policy bank matched with the category information of the application program from all the compliance privacy policy banks, so that the privacy policy of the application program is pertinently compared with the content of the compliance privacy policy of the corresponding category, the comparison between the privacy policy and the compliance privacy policy bank with small correlation is reduced, the calculated amount is reduced, further, the privacy policy corresponding to the application program is matched with the compliance privacy policy bank corresponding to the type, the illegal item is determined, and the accuracy of determining the illegal item can be improved.
Drawings
Fig. 1 is a flowchart illustrating an application violation feedback method according to an embodiment of the present application.
Fig. 2 is a schematic structural diagram of an application violation feedback device according to an embodiment of the present application.
Fig. 3 is a schematic structural diagram of an electronic device according to an embodiment of the present application.
Detailed Description
The embodiments of the present application will be described in further detail with reference to the accompanying drawings 1-3.
The present embodiment is only for explaining the present application, and it is not limited to the present application, and those skilled in the art can make modifications of the present embodiment without inventive contribution as needed after reading the present specification, but all of them are protected by patent law within the scope of the claims of the present application.
In order to make the objects, technical solutions and advantages of the embodiments of the present application clearer, the technical solutions in the embodiments of the present application will be clearly and completely described below with reference to the drawings in the embodiments of the present application, and it is obvious that the described embodiments are some embodiments of the present application, but not all embodiments. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present application.
In addition, the term "and/or" herein is only one kind of association relationship describing an associated object, and means that there may be three kinds of relationships, for example, a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. In addition, the character "/" herein generally indicates that the former and latter related objects are in an "or" relationship, unless otherwise specified.
With the rapid development of the internet, the number and types of application programs installed in the intelligent terminal device are increased. When a user logs in and registers an application program for the first time, most users often do not carefully check the privacy policy of the application program, so that the user is unaware when the application program illegally collects personal information.
In order to solve the above technical problem, an embodiment of the present application provides an application violation feedback method, which can obtain a privacy policy of an application, determine whether a term item of the privacy policy is compliant, determine a violation item, and return weight information of the violation item and the violation item, so that a user can know the weight information of the violation item and the violation item, and the possibility of personal information leakage and property loss is reduced.
The embodiment of the application program violation feedback method is executed by electronic equipment, and the electronic equipment can be a server or terminal equipment. The server may be an independent physical server, or may be a cloud server providing cloud computing services. The terminal device may be, but is not limited to, a smart phone, a tablet computer, a notebook computer, a desktop computer, and the like.
Further, an embodiment of the present application provides an application violation feedback method, where in the following embodiments, an execution subject takes a terminal device as an example, but not as a limitation to the embodiment of the present application, and as shown in fig. 1, an example is given to execute an application violation feedback method, which is specifically shown as follows:
step S101, a privacy policy of at least one application program is obtained.
Wherein the application program comprises an application program installed in the terminal device.
For the embodiment of the application, the privacy policy of at least one application program installed in the terminal equipment is obtained, and the privacy policy refers to that the application program has privacy right for a user to inform the user how the application program is a file for processing, protecting, using and sharing personal information of the user. For example, taking a smart phone as an example, before a user registers or logs in a certain application program for the first time, the privacy policy of the application program is displayed on a display screen of the mobile phone of the user, and the privacy policy displayed on the screen of the mobile phone is obtained.
Step S102, judging whether the clause items of the privacy policy of at least one application program are in compliance, and determining the non-compliance clause items as violation items.
For the embodiments of the present application, the term item of the privacy policy refers to a term in the privacy policy statement of the application. Determining whether the terms of the privacy policy of the at least one application are compliant may include: and acquiring an application program list selected by the user, and judging the clause of the privacy policy of one, a plurality of or all the application programs selected by the user.
For example, the term items of the privacy policy include "how we (application) collect and use your (user) personal information", "how we share transfer disclosure your personal information", and "how we protect your personal information", and the like. Among them, "how we (application) collect and use your (user) personal information" may include: collecting information related to your registration and login, wherein the information comprises a mobile phone number, a login IP address, a login log and the like; but also information uses including improving your service experience and improving our products and services and other uses allowed by laws and regulations.
Specifically, the offending item refers to a money item for illegally collecting and using personal information. For example, when the privacy policy of a certain input method application includes: "this input method may collect the words input by you, including the numbers and password data", and the clause item may illegally collect the password data of the user, then the clause item is determined to be an illegal item.
In step S103, weight information of the violation item is determined.
The weight information of the violation item comprises the weight information of the violation item occupying the privacy policy of the application program to which the violation item belongs.
For the embodiment of the application, the weight information of the violation item refers to the violation degree of the violation item in all privacy policy clauses of the application, that is, the higher the violation degree is, or the more the violation items are, the larger the value corresponding to the weight information is. For example, the weight information may be a proportional value, ten items of privacy policy terms of the XXX application, and two items of violation, and the weight information of the violation is 20%.
In step S104, the violation item and the weight information of the violation item are returned.
For the embodiment of the present application, the returning, by the terminal device, the violation item and the weight information of the violation item may include: and the terminal equipment returns a violation list, and the violation list contains violation items and weight information corresponding to the violation items. For example, the left side of the violation list shows the violation item, i.e., "XXX application gets your album", and the right side of the violation list shows the weight information of the violation item, i.e., "the violation item accounts for 20% of the XXX application privacy policy".
The terminal device returns the violation item and the weight information of the violation item, and may further include: and the terminal equipment returns the link, and the user can click the link after obtaining the link returned by the terminal equipment to obtain the violation item and the weight information corresponding to the violation item. The links carry violation items to be checked and weight information of the violation items.
Specifically, in the embodiment of the present application, the obtaining of the privacy policy of at least one application in step S101 may specifically include at least one of step S1011 (not shown in the figure) and step S1012 (not shown in the figure), wherein,
in step S1011, when the permission denying operation triggered by the user is detected, the privacy policy of at least one application program is obtained.
For the embodiment of the application, when a user triggers a virtual button in the process of using an application program, the function corresponding to the virtual button needs to acquire a new right, the terminal device displays the new right content, and displays 'confirm' and 'reject' below the new right content. And when the terminal equipment detects that the permission denial operation triggered by the user is performed, acquiring the privacy policy of the application program.
For example, when the user clicks "select movie" while the user uses a certain video application, the terminal device displays "XXX application is trying to acquire your location information" and displays "confirm" and "reject". When a user-triggered "reject" operation is detected, the privacy policy of the application may include an offending item, at which time the privacy policy of the application is obtained.
In step S1012, when a privacy policy viewing instruction triggered by a user is detected, a privacy policy of at least one application program is obtained.
For the embodiment of the application, the user can trigger the privacy policy viewing instruction by triggering the virtual key of the terminal device, that is, the terminal device obtains the privacy policy of the application program when detecting the virtual key touched by the user on the display screen.
Specifically, the obtaining of the privacy policy of at least one application may further include step S101a (not shown in the figure), step S101b (not shown in the figure), and step S101c (not shown in the figure), wherein,
in step S101a, a download source of at least one application program is determined.
For the embodiment of the present application, determining the download source of the application program may include: reading the signature certificate of the application program, and reading an expansion field in the signature certificate of the application program to determine a downloading source of the application program because software development related personnel generally write channel information of the application program into the expansion field of the signature certificate of the application program.
Step S101b, determining an application program satisfying a first preset condition based on a download source of at least one application program.
The application program meeting the first preset condition is an application program which does not belong to the terminal equipment.
For the embodiment of the present application, the application program not owned by the terminal device refers to application software that does not exist in the terminal device when the system is started for the first time, and may be an application program downloaded by a user through an application market, a browser, or a link.
In step S101c, a privacy policy of an application program that satisfies a first preset condition is obtained.
For the embodiment of the application, the privacy policy of each application program meeting the first preset condition is respectively obtained, and the privacy policy of the application program not meeting the first preset condition is not processed, that is, the privacy policy of the application program carried by the terminal device is not obtained. The possibility that the privacy policy of the application program carried by the terminal equipment contains the illegal item is low, so that only the privacy policy which does not belong to the application program carried by the terminal equipment is obtained when the privacy policy of the application program is judged, and the calculation amount can be reduced.
Specifically, in the embodiment of the present application, acquiring the privacy policy of any application may specifically include: at least one of step Sa (not shown), step Sb (not shown), and step Sc (not shown), wherein,
and step Sa, when a privacy policy checking instruction triggered by a user is detected, obtaining a privacy policy displayed by the terminal equipment.
For the embodiment of the application, if a privacy policy checking instruction triggered by a user is detected, the content displayed in the screen of the terminal device is obtained, the characteristic of the screen of the terminal device is identified, and the privacy policy displayed by the terminal device is obtained.
Specifically, the characteristic Recognition is performed on the screen of the terminal device, and the content displayed on the screen may be subjected to gray processing, layer-by-layer Recognition and pooling operations through an OCR (Optical Character Recognition), so as to finally obtain the privacy policy displayed by the terminal device.
And Sb, sending a privacy policy acquisition request to a server corresponding to any application program, and receiving a privacy policy returned by the server corresponding to any application program.
For the embodiment of the present application, sending a request for obtaining a privacy policy to a server of an application may include: and initiating a request through the hyperlink, namely sending a get request carrying the privacy policy of the XXX application program to the server of the application program, and receiving the privacy policy returned by the server of the application program.
And step Sc, when the confirmation operation of obtaining the privacy policy instruction aiming at the simulation user is detected, obtaining the privacy policy of any application program.
The simulated user privacy policy acquisition instruction carries application program information of the privacy policy to be acquired.
For the embodiment of the application, the user is simulated to obtain the privacy policy instruction, namely when the user does not trigger to obtain the privacy policy instruction, the user is informed that the terminal equipment wants to obtain the privacy policy at the moment by sending the simulation instruction to the user, and when the confirmation operation triggered by the user is detected, the privacy policy of the application program is obtained by simulating the operation of obtaining the privacy policy instruction by the user. The simulated user privacy policy acquisition instruction may include information such as the name and installation location of the application program to be subjected to the privacy policy acquisition.
Specifically, in the embodiment of the present application, the determining in step S102 whether the clause item of the privacy policy of the at least one application program is compliant may specifically include: step S1021 (not shown), step S1022 (not shown), step S1023 (not shown), and step S1024 (not shown), wherein,
step S1021, acquiring a compliance privacy policy library.
Wherein the compliant privacy policy repository includes at least one item of compliant privacy policy content.
For embodiments of the present application, the compliance privacy policy repository may include: application violation identification standards published by application management departments, identification standards provided by application operators, and the like.
Step S1022, respectively inputting at least one item of content of the compliant privacy policy in the compliant privacy policy library and the privacy policy of any application program into the pre-trained model to obtain a plurality of first preset sentence vectors and a plurality of second preset sentence vectors.
For the embodiment of the application, the content of the compliance privacy policy and the privacy policy of the application program are input into a Word2Vec model which is trained in advance, and the Word2Vec model can perform Word segmentation processing and part-of-speech tagging processing on the content of the compliance privacy policy and the privacy policy of any application program to obtain an effective Word sequence and obtain a plurality of first preset sentence vectors and a plurality of second preset sentence vectors. In an embodiment of the present application, the first preset sentence vector includes a sentence vector of at least one item of compliant privacy policy content, and the second preset sentence vector includes a sentence vector of a privacy policy of any application program.
In step S1023, the angle between each second predetermined sentence vector and each first predetermined sentence vector is determined.
For the embodiment of the present application, determining an included angle value between each second preset sentence vector and any first preset sentence vector may include: and determining an included angle value according to each second preset sentence vector, any first preset sentence vector and a vector included angle formula. Wherein, the vector included angle formula is:
Figure DEST_PATH_IMAGE001
the first preset sentence vector is a (x 1, y 1), the second preset sentence vector is b (x 2, y 2), and the numerator is the quantity product coordinate operation of a and b, namely a · b = x1 × 2+ y1 × y 2; the denominator is the product of the moduli of a and b, i.e. | a | | b | = sqrt { (x 1) ^2+ (y 1) ^ 2) } ^ sqrt { (x 2) ^2+ (y 2) ^ 2) }.
Further, the angle between each second preset sentence vector and any one of the first preset sentence vectors can be obtained in the above manner, so as to further obtain the angle between each second preset sentence vector and each first preset sentence vector.
Step S1024, if each pinch angle value is smaller than the preset pinch angle value, determining that the clause item of the privacy policy of any application program is not compliant.
For the embodiment of the present application, an included angle value operation is performed on each second preset sentence vector and each first preset sentence vector, and each included angle value refers to an included angle value between each second preset sentence vector and each first preset sentence vector. The preset included angle value may be an included angle value input by a user in advance. In this embodiment of the application, if an included angle value between each second preset sentence vector and each first preset sentence vector is smaller than a preset included angle value, it is determined that the clause item and the compliance clause item corresponding to the second preset sentence vector are not in compliance if the matching degree of the clause item and the compliance clause item corresponding to the second preset sentence vector is low.
Specifically, in the embodiment of the present application, the determining, in step S102, an unqualified clause item as an illegal clause may specifically include: and determining a second preset sentence vector corresponding to the current included angle values smaller than the preset included angle values, and determining a clause item corresponding to the second preset sentence vector as an illegal item.
For the embodiment of the present application, the current included angle value refers to an included angle value between the second preset sentence vector corresponding to the current money and each first preset sentence vector. And if the included angle value between the second preset sentence vector corresponding to the current clause item and each first preset sentence vector is smaller than the preset included angle value, the content matching degree of the current clause and the content of the compliance privacy policy is low, and the current clause is determined to be an illegal clause.
In an implementation mode, keyword extraction can be further performed on the contents of the regulated privacy policy and the privacy policy of any application program respectively. In the embodiment of the application, keyword extraction can be respectively performed on the contents of the compliance privacy policy and the privacy policy of any application program through a TF-IDF (Term Frequency-Inverse file Frequency) model, the TF-IDF model can evaluate the probability of the keyword entries appearing in the text to obtain a first keyword of the contents of the compliance privacy policy and a second keyword of the privacy policy of any application program, the first keyword and the second keyword are compared, and the current matching degree of the first keyword and the second keyword is determined. Specifically, a first keyword of each privacy item of any application program is compared with a second keyword in a privacy policy library to obtain a matching degree, the current matching degree is compared with a preset matching degree, and a clause item of the privacy policy of the application program, in which the second keyword smaller than the preset matching degree is located, is determined as a violation item.
Specifically, in the embodiment of the present application, the obtaining of the compliance privacy policy library may specifically include step S10211 (not shown in the figure) and step S10212 (not shown in the figure), wherein,
in step S10211, category information corresponding to any application is determined.
For the embodiment of the present application, determining the category information corresponding to any application program may include: and determining the category information of the application program according to the field of the application program. The method can also comprise the following steps: and determining the category information of the application program according to the name information and the icon information of the application program. For example, the category information corresponding to the application program is determined, and the application program may carry tag information of the category information.
In step S10212, a compliant privacy policy repository matching the category information corresponding to any application is determined.
For the embodiment of the application, the compliance privacy policy library comprises compliance privacy policies of all application programs, and the compliance privacy policy library matched with the application program is matched in a targeted manner based on the category information corresponding to the current application program, so that when judging whether the privacy policies of the application programs are compliant or not, the privacy policies of the application programs can be compared with the compliance privacy policy library matched with the category of the application programs.
For the embodiment of the present application, the determining in step S102 whether the clause item of the privacy policy of at least one application program is compliant may specifically include: sd1 (not shown), Sd2 (not shown), Sd3 (not shown), and Sd4 (not shown), wherein,
and step Sd1, acquiring the past violation item and determining the number of times that the past violation item is determined as the violation item.
Wherein the past violation term includes at least one entry that has been historically determined to be a violation term.
For the embodiment of the application, all violation results in the history are obtained, and the number of times that each clause history is determined as a violation item is determined. For example, if the past violation item is "XXX application acquires your location information", and the number of occurrences of the item in all violation results in history is 15, it is determined that "XXX application acquires your location information" occurs 15 times in total.
And step Sd2, determining the past violation items meeting the second preset condition as important violation item.
And the number of times of the past violation items meeting the second preset condition that the violation items are determined to be violation items is greater than the preset number of times.
For the embodiment of the application, the preset times may be preset times input by a user, the times of the violation items determined as the violation items in the past are compared, and when the times of the violation items determined as the violation items in the past are greater than the preset times, it is indicated that the violation degree of the violation items in the past is higher, and the violation items in the past are key violation items.
And step Sd3, preferentially judging whether the key violation entry is in compliance.
For the embodiment of the application, whether the key violation entry is in compliance or not is judged preferentially, the priority of the key violation entry can be set as the highest priority by presetting the priority of the past violation entry, the priority of the past violation entry which does not meet the second preset condition is set as the next highest priority, the term of the highest priority is judged preferentially, and then the term of the next highest priority is judged.
Further, the above-mentioned embodiment introduces an application violation feedback method through a step flow, and the following embodiment introduces an application violation feedback device from the perspective of the device structure, which is applicable to the above-mentioned method embodiment, and specifically, refer to the following embodiment in detail:
an embodiment of the present application provides an application violation feedback device, and as shown in fig. 2, the application violation feedback device 20 may specifically include:
an obtaining module 201, configured to obtain a privacy policy of at least one application, where the application includes an application installed in a terminal device;
a determining module 202, configured to determine whether a term item of the privacy policy of the at least one application is compliant;
a first determination module 203 for determining an unqualified clause item as an offending item;
a second determining module 204, configured to determine weight information of the violation item, where the weight information of the violation item includes weight information of the violation item occupying a privacy policy of an application to which the violation item belongs;
a returning module 205, configured to return the violation item and weight information of the violation item.
In another possible implementation manner of the embodiment of the present application, when obtaining the privacy policy of at least one application, the obtaining module 201 is specifically configured to:
determining a download source of at least one application program;
determining an application program meeting a first preset condition based on a download source of the at least one application program, wherein the application program meeting the first preset condition is an application program which does not belong to the terminal equipment;
and acquiring the privacy policy of the application program meeting the first preset condition.
In another possible implementation manner of the embodiment of the present application, when obtaining the privacy policy of at least one application, the obtaining module 201 is specifically configured to:
when a privacy policy checking instruction triggered by a user is detected, a privacy policy displayed by the terminal equipment is obtained;
sending a privacy policy acquisition request to a server corresponding to any application program, and receiving a privacy policy returned by the server corresponding to any application program;
and when the confirmation operation for acquiring the privacy policy instruction by the simulation user is detected, acquiring the privacy policy of any application program, wherein the privacy policy instruction acquired by the simulation user carries the information of the application program of which the privacy policy is to be acquired.
In another possible implementation manner of the embodiment of the application, when determining whether the term item of the privacy policy of any application is compliant, the determining module 202 is specifically configured to:
acquiring a compliance privacy policy library, wherein the compliance privacy policy library comprises at least one item of compliance privacy policy content;
respectively inputting at least one item of compliant privacy policy content in the compliant privacy policy library and a privacy policy of any application program into a pre-trained model to obtain a plurality of first preset sentence vectors and a plurality of second preset sentence vectors, wherein the first preset sentence vectors comprise the sentence vectors of the at least one item of compliant privacy policy content, and the second preset sentence vectors comprise the privacy policy sentence vectors of any application program;
determining each included angle value corresponding to each second preset sentence vector and each first preset sentence vector;
and if the included angle values are smaller than the preset included angle values, judging that the clause items of the privacy policy of any application program are not in compliance.
In another possible implementation manner of the embodiment of the application, when determining the non-compliant clause item as the violation item, the first determining module 203 is specifically configured to:
and determining a second preset sentence vector corresponding to the current included angle values smaller than the preset included angle values, and determining a clause item corresponding to the second preset sentence vector as an illegal item.
In another possible implementation manner of the embodiment of the present application, when the determining module 202 obtains the compliance privacy policy repository, it is specifically configured to:
determining category information corresponding to any application program;
determining a compliant privacy policy repository that matches the category information corresponding to the any application.
In another possible implementation manner of the embodiment of the present application, when obtaining the privacy policy of at least one application, the obtaining module 201 is specifically configured to:
when the permission refusing operation triggered by the user is detected, the privacy policy of at least one application program is obtained;
when a privacy policy viewing operation triggered by a user is detected, at least one application privacy policy is obtained.
In another possible implementation manner of the embodiment of the application, when determining whether the clause item of the privacy policy of the at least one application is compliant, the determining module 202 is specifically configured to:
acquiring a past violation item and determining the number of times that the past violation item is determined as the violation item, wherein the past violation item comprises at least one item of money with history of being determined as the violation item;
determining the past violation items meeting a second preset condition as key violation entry items, wherein the number of the past violation entry items meeting the second preset condition, which are determined as violation items, is greater than a preset number;
and preferentially judging whether the key violation clauses are in compliance.
Further, it should be noted that: the first determining module 203 and the second determining module 204 may be the same determining module, may also be different determining modules, or may be partially the same determining module, which is not limited in this embodiment of the present application.
The embodiment of the application provides an application violation feedback device, and by adopting the technical scheme,
the obtaining module can obtain the privacy policy of at least one application program installed in the terminal equipment, the privacy policy of the application program is analyzed, the judging module judges whether the clause items of the privacy policy are in compliance, therefore, the first determining module can determine all illegal items, the second determining module determines the weight of the illegal item in the privacy policy of the application program to which the illegal item belongs, the weight information of the illegal item is determined, the weight information of the module illegal item and the weight information of the illegal item are returned, when a user does not carefully check the privacy policy, when the illegal item exists in the privacy policy, the user can be reminded, and therefore the user can know the illegal content in the privacy policy of the application program conveniently.
In an embodiment of the present application, there is also provided an electronic device, as shown in fig. 3, where the electronic device 30 shown in fig. 3 includes: a processor 301 and a memory 303. Wherein processor 301 is coupled to memory 303, such as via bus 302. Optionally, the electronic device 30 may also include a transceiver 304. It should be noted that the transceiver 304 is not limited to one in practical applications, and the structure of the electronic device 30 is not limited to the embodiment of the present application.
The Processor 301 may be a CPU (Central Processing Unit), a general-purpose Processor, a DSP (Digital Signal Processor), an ASIC (Application Specific Integrated Circuit), an FPGA (Field Programmable Gate Array) or other Programmable logic device, a transistor logic device, a hardware component, or any combination thereof. Which may implement or perform the various illustrative logical blocks, modules, and circuits described in connection with the disclosure. The processor 301 may also be a combination of computing functions, e.g., comprising one or more microprocessors, a combination of a DSP and a microprocessor, or the like.
Bus 302 may include a path that transfers information between the above components. The bus 302 may be a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus 302 may be divided into an address bus, a data bus, a control bus, and the like. For ease of illustration, only one thick line is shown in FIG. 3, but this does not mean only one bus or one type of bus.
The Memory 303 may be a ROM (Read Only Memory) or other type of static storage device that can store static information and instructions, a RAM (Random Access Memory) or other type of dynamic storage device that can store information and instructions, an EEPROM (Electrically Erasable Programmable Read Only Memory), a CD-ROM (Compact Disc Read Only Memory) or other optical Disc storage, optical Disc storage (including Compact Disc, laser Disc, optical Disc, digital versatile Disc, blu-ray Disc, etc.), a magnetic Disc storage medium or other magnetic storage device, or any other medium that can be used to carry or store desired program code in the form of instructions or data structures and that can be accessed by a computer, but is not limited to these.
The memory 303 is used for storing application program codes for executing the scheme of the application, and the processor 301 controls the execution. The processor 301 is configured to execute application program code stored in the memory 303 to implement the aspects illustrated in the foregoing method embodiments.
Among them, electronic devices include but are not limited to: a mobile terminal such as a mobile phone, a notebook computer, a digital broadcast receiver, a PDA (personal digital assistant), a PAD (tablet computer), a PMP (portable multimedia player), a car terminal (e.g., car navigation terminal), etc., and a fixed terminal such as a digital TV, a desktop computer, etc., may also be a server, etc. The electronic device shown in fig. 3 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
The present application provides a computer-readable storage medium, on which a computer program is stored, which, when running on a computer, enables the computer to execute the corresponding content in the foregoing method embodiments. Compared with the related art, the method and the device have the advantages that the privacy policy of at least one application installed in the terminal device can be obtained, the privacy policy of the application is analyzed, whether the clause items of the privacy policy are in compliance or not is judged, all illegal items can be determined, the weight of the illegal items in the privacy policy of the application to which the illegal items belong is determined, the weight information of the illegal items is determined, the illegal items and the weight information of the illegal items are returned, and when the user does not carefully check the privacy policy, and the user is reminded when the illegal items exist in the privacy policy, the user can know the illegal contents in the privacy policy of the application conveniently.
It should be understood that, although the steps in the flowcharts of the figures are shown in order as indicated by the arrows, the steps are not necessarily performed in order as indicated by the arrows. The steps are not performed in the exact order shown and may be performed in other orders unless explicitly stated herein. Moreover, at least a portion of the steps in the flow chart of the figure may include multiple sub-steps or multiple stages, which are not necessarily performed at the same time, but may be performed at different times, which are not necessarily performed in sequence, but may be performed alternately or alternately with other steps or at least a portion of the sub-steps or stages of other steps.
The foregoing is only a partial embodiment of the present application, and it should be noted that, for those skilled in the art, various modifications and decorations can be made without departing from the principle of the present application, and these modifications and decorations should also be regarded as the protection scope of the present application.

Claims (10)

1. An application violation feedback method, comprising:
obtaining a privacy policy of at least one application program, wherein the application program comprises an application program installed in a terminal device;
judging whether the clause items of the privacy policy of the at least one application program are in compliance, and determining the non-compliance clause items as violation items;
determining weight information of the violation item, wherein the weight information of the violation item comprises weight information of the violation item occupying privacy policy of an application program to which the violation item belongs;
and returning the violation item and the weight information of the violation item.
2. The method for feedback of application violation according to claim 1, wherein said obtaining a privacy policy of at least one application comprises:
determining a download source of at least one application program;
determining an application program meeting a first preset condition based on a download source of the at least one application program, wherein the application program meeting the first preset condition is an application program which does not belong to the terminal equipment;
and acquiring the privacy policy of the application program meeting the first preset condition.
3. The method for feedback of application violation according to claim 1 or 2, wherein obtaining the privacy policy of any application comprises at least one of:
when a privacy policy checking instruction triggered by a user is detected, a privacy policy displayed by the terminal equipment is obtained;
sending a privacy policy acquisition request to a server corresponding to any application program, and receiving a privacy policy returned by the server corresponding to any application program;
and when the confirmation operation for acquiring the privacy policy instruction by the simulation user is detected, acquiring the privacy policy of any application program, wherein the privacy policy instruction acquired by the simulation user carries the information of the application program of which the privacy policy is to be acquired.
4. The method for feeding back violation of application programs according to claim 1, wherein determining whether the terms of the privacy policy of any of the application programs are compliant comprises:
acquiring a compliance privacy policy library, wherein the compliance privacy policy library comprises at least one item of compliance privacy policy content;
respectively inputting at least one item of compliant privacy policy content in the compliant privacy policy library and a privacy policy of any application program into a pre-trained model to obtain a plurality of first preset sentence vectors and a plurality of second preset sentence vectors, wherein the first preset sentence vectors comprise the sentence vectors of the at least one item of compliant privacy policy content, and the second preset sentence vectors comprise the privacy policy sentence vectors of any application program;
determining each included angle value corresponding to each second preset sentence vector and each first preset sentence vector;
if the included angle values are smaller than the preset included angle values, determining that the clause items of the privacy policy of any application program are not in compliance;
wherein the determining of the non-compliant clause item as a violation item comprises:
and determining a second preset sentence vector corresponding to the current included angle values smaller than the preset included angle values, and determining a clause item corresponding to the second preset sentence vector as an illegal item.
5. The application violation feedback method of claim 4, wherein obtaining a compliance privacy policy repository comprises:
determining category information corresponding to any application program;
determining a compliant privacy policy repository that matches the category information corresponding to the any application.
6. The method of claim 1, wherein obtaining the privacy policy of at least one application comprises at least one of:
when the permission refusing operation triggered by the user is detected, the privacy policy of at least one application program is obtained;
when a privacy policy viewing operation triggered by a user is detected, at least one application privacy policy is obtained.
7. The method for feedback on violation of application program according to claim 1, wherein said determining whether the terms of the privacy policy of the at least one application program are compliant comprises:
acquiring a past violation item and determining the number of times that the past violation item is determined as the violation item, wherein the past violation item comprises at least one item of money with history of being determined as the violation item;
determining the past violation items meeting a second preset condition as key violation entry items, wherein the number of the past violation entry items meeting the second preset condition, which are determined as violation items, is greater than a preset number;
and preferentially judging whether the key violation clauses are in compliance.
8. An application violation feedback device, comprising:
the acquisition module is used for acquiring the privacy policy of at least one application program;
the judging module is used for judging whether the clause items of the privacy policy of any application program are in compliance;
a first determining module, configured to determine an out-of-compliance clause item as an offending item;
a second determination module for determining weight information of the violation term;
and the returning module is used for returning the violation item and the weight information of the violation item.
9. An electronic device, comprising:
at least one processor;
a memory;
at least one application, wherein the at least one application is stored in the memory and configured to be executed by the at least one processor, the at least one application configured to: executing an application violation feedback method according to any one of claims 1-7.
10. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, implements an application violation feedback method according to any one of claims 1 to 7.
CN202210075047.9A 2022-01-22 2022-01-22 Application violation feedback method and device, electronic equipment and storage medium Withdrawn CN114417310A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210075047.9A CN114417310A (en) 2022-01-22 2022-01-22 Application violation feedback method and device, electronic equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210075047.9A CN114417310A (en) 2022-01-22 2022-01-22 Application violation feedback method and device, electronic equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114417310A true CN114417310A (en) 2022-04-29

Family

ID=81274946

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210075047.9A Withdrawn CN114417310A (en) 2022-01-22 2022-01-22 Application violation feedback method and device, electronic equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114417310A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115080923A (en) * 2022-07-22 2022-09-20 北京锘崴信息科技有限公司 Privacy clause analysis method and privacy clause analysis method of network financial product

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115080923A (en) * 2022-07-22 2022-09-20 北京锘崴信息科技有限公司 Privacy clause analysis method and privacy clause analysis method of network financial product

Similar Documents

Publication Publication Date Title
CN110225104B (en) Data acquisition method and device and terminal equipment
CN112738102B (en) Asset identification method, device, equipment and storage medium
US11048818B1 (en) Systems and methods for a virtual fraud sandbox
CN111586005B (en) Scanner scanning behavior identification method and device
CN111753192A (en) Advertisement popup intercepting method and device, electronic equipment and storage medium
CN106569860A (en) Application management method and terminal
CN114417310A (en) Application violation feedback method and device, electronic equipment and storage medium
CN114139161A (en) Method, device, electronic equipment and medium for batch vulnerability detection
CN115033317A (en) Bullet frame processing method and device, electronic equipment and readable storage medium
CN106951242B (en) Vulnerability verification program generation method and device and computing device
CN110019813A (en) Life insurance case retrieving method, retrieval device, server and readable storage medium storing program for executing
US9904661B2 (en) Real-time agreement analysis
CN112115280A (en) Full-media influence propagation analysis method and device
CN109446054B (en) Processing method and terminal equipment for override operation request based on big data
Chen et al. Fraud analysis and detection for real-time messaging communications on social networks
Yu et al. Obfuscating the dataset: Impacts and applications
CN115827122A (en) Operation guiding method and device, electronic equipment and storage medium
US20170032484A1 (en) Systems, devices, and methods for detecting firearm straw purchases
CN110263044B (en) Data storage method, device, equipment and computer readable storage medium
CN113779198A (en) Electronic business card generating method, device, equipment and medium based on artificial intelligence
CN111782967A (en) Information processing method, information processing device, electronic equipment and computer readable storage medium
CN112733104A (en) Account registration request processing method and device
CN111125548A (en) Public opinion supervision method and device, electronic equipment and storage medium
CN111475811A (en) User input privacy detection method for Android application dynamic generation control
KR101981746B1 (en) Method, apparatus and computer-readable medium for providing information contents based on keyword

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
WW01 Invention patent application withdrawn after publication
WW01 Invention patent application withdrawn after publication

Application publication date: 20220429