CN114462030A - Privacy policy processing and evidence obtaining method, device, equipment and storage medium - Google Patents
Privacy policy processing and evidence obtaining method, device, equipment and storage medium Download PDFInfo
- Publication number
- CN114462030A CN114462030A CN202210133704.0A CN202210133704A CN114462030A CN 114462030 A CN114462030 A CN 114462030A CN 202210133704 A CN202210133704 A CN 202210133704A CN 114462030 A CN114462030 A CN 114462030A
- Authority
- CN
- China
- Prior art keywords
- privacy policy
- application software
- processing
- privacy
- target
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/50—Information retrieval; Database structures therefor; File system structures therefor of still image data
- G06F16/58—Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/90—Details of database functions independent of the retrieved data types
- G06F16/95—Retrieval from the web
- G06F16/953—Querying, e.g. by the use of web search engines
- G06F16/9537—Spatial or temporal dependent retrieval, e.g. spatiotemporal queries
Abstract
The disclosure provides a privacy policy processing and evidence obtaining method, device, equipment and storage medium, and relates to the field of internet application, in particular to the fields of application software, data security, information flow and natural language processing. The privacy policy processing method comprises the following steps: monitoring the privacy policy processing process of the application software, responding to the privacy policy processing process of the application software, determining the occurrence time and the process screenshot of the privacy policy processing process, acquiring the privacy policy content displayed by the application software through a privacy policy detail page, and storing the occurrence time, the process screenshot and the privacy policy content of the privacy policy processing process to a storage server. The privacy policy evidence obtaining method comprises the following steps: and inquiring the storage server based on the received forensics inquiry request, and determining and outputting privacy policy processing information of the target application software in the target time interval. The technical scheme disclosed by the invention effectively ensures the legal rights and interests of the user when using the application software.
Description
Technical Field
The present disclosure relates to the field of application software, data security, information flow, and natural language processing in internet applications, and in particular, to a method, an apparatus, a device, and a storage medium for processing and obtaining evidence of a privacy policy.
Background
With the development of the times, application software has penetrated the aspects of people's daily life, and more data are transmitted and recorded through the application software, and in the privacy protection of the application software, a privacy policy becomes an important part. Privacy policies are legal documents provided by companies and organizations that inform users how personal data is collected and used on related application software programs and other platforms.
In the related art, the content of the privacy policy of the application software is stored in the server, and when the application software determines that the user agrees to the privacy policy which is actively popped up when the application software is started for the first time, the content of the privacy policy can be accessed and obtained through a Uniform Resource Locator (URL) and displayed to the user on a human-computer interaction interface of the application software. Since the privacy policy content can be updated at the server by the application software developer at any time, the privacy policy content seen by the user when using the application software may not be consistent with the privacy policy content actually collected by the application software, and the user rights and interests may be impaired.
Disclosure of Invention
The disclosure provides a privacy policy processing method, a privacy policy evidence obtaining device and a privacy policy evidence obtaining device, and a storage medium.
According to a first aspect of the present disclosure, there is provided a privacy policy processing method, including:
monitoring a privacy policy processing process of application software;
responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process;
obtaining privacy policy content displayed by the application software through a privacy policy detail page;
and saving the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
According to a second aspect of the present disclosure, there is provided a method for forensics of a privacy policy, comprising:
receiving a forensics inquiry request, wherein the forensics inquiry request comprises: the identification and the target time interval of the target application software;
inquiring a storage server based on the evidence obtaining inquiry request, and determining privacy policy processing information of the target application software in the target time interval, wherein the privacy policy processing information of at least one application software is stored in the storage server;
and outputting privacy policy processing information of the target application software in the target time interval.
According to a third aspect of the present disclosure, there is provided a privacy policy processing apparatus, including:
the monitoring unit is used for monitoring the privacy policy processing process of the application software;
the processing unit is used for responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process;
the acquisition unit is used for acquiring the privacy policy content displayed by the application software through a privacy policy detail page;
and the sending unit is used for saving the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
According to a fourth aspect of the present disclosure, there is provided a privacy policy forensics apparatus, including:
a receiving unit, configured to receive a forensics inquiry request, where the forensics inquiry request includes: identification and target time interval of target application software;
the inquiring unit is used for inquiring a storage server based on the evidence obtaining inquiring request, and determining privacy policy processing information of the target application software in the target time interval, wherein the privacy policy processing information of at least one application software is stored in the storage server;
and the output unit is used for outputting privacy policy processing information of the target application software in the target time interval.
According to a fifth aspect of the present disclosure, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect or to perform the method of the second aspect.
According to a sixth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of the first aspect or the method of the second aspect.
According to a seventh aspect of the present disclosure, there is provided a computer program product comprising: a computer program, stored in a readable storage medium, from which at least one processor of an electronic device can read the computer program, execution of the computer program by the at least one processor causing the electronic device to perform the method of the first aspect or to perform the method of the second aspect.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating a privacy policy processing method according to a first embodiment of the present disclosure;
fig. 3 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the disclosure;
fig. 4 is a flowchart illustrating a privacy policy processing method according to a third embodiment of the disclosure;
fig. 5 is a flowchart illustrating a privacy policy forensics method according to a first embodiment of the disclosure;
fig. 6 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the disclosure;
fig. 7 is a schematic structural diagram of a privacy policy processing apparatus provided by an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a privacy policy forensics apparatus provided by an embodiment of the present disclosure;
FIG. 9 shows a schematic block diagram of an example electronic device to implement embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The privacy policy is a statement about how application software (APP) or websites collect, process, use, store, share, transfer, disclose and the like to manage user information, and the laws and regulations in major countries and regions list the privacy policy as a necessary document for APP. Compliance detection of the APP privacy policy, and intelligent processing and accurate understanding of the APP privacy policy by using Natural Language Processing (NLP) technology are currently popular research fields.
According to legal and legal requirements, the APP should actively pop up a privacy policy for a user to read when the APP is started for the first time, and the personal information stated in the privacy policy can be collected only after the user agrees with the privacy policy. Namely, the privacy policy needs to accurately describe the purpose, mode, range and the like of collecting user information by the APP in the operation process of the APP so as to avoid illegal violation of collecting user information and avoid infringement of the legal rights and interests of the user.
In the related technology, the privacy policy content of the APP is usually stored in the server, and when the APP determines that the user agrees to the privacy policy which is actively popped up when the APP is started for the first time, the APP can access the privacy policy from the server through the URL and display the privacy policy to the user on a man-machine interaction interface of the APP. Subsequently, the APP developer may update the content of the privacy policy at the server at any time, which may cause the content of the privacy policy seen by the user when using the APP to be inconsistent with the content of the privacy policy actually collected by the APP, thereby causing the user to lose the rights and interests.
For example: the user uses a certain APP in x days x months x days xx years, when the privacy policy is read, the privacy policy does not state the collection of the user contact ways, the user thinks that the APP can not collect the user contact ways and can be used safely, but the APP collects the user contact ways at the background and updates the content of the privacy policy after a period of time, and the statement for collecting the user contact ways is added, so that the user is actually led to collect the contact ways under the condition that the user is unaware of the contact ways, the behavior of illegally collecting personal information belongs to, but the behavior is difficult to prove for the user. This behavior also makes it possible for the APP to evade the supervision of regulatory agencies and application markets to illicitly gather personal information on a large scale.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations and do not violate the good customs of the public order.
Aiming at the problems in the related art, the conception process of the technical scheme disclosed by the invention is as follows: based on the thought of automated testing, carry out large-scale automatic testing and privacy policy evidence collection to the APP that has issued, for example, in the processing procedure of privacy policy, through the emergence time and the process screenshot of recording each processing procedure to upload to storage server, so that the user can follow-up inquiry, solved APP and evaded the supervision, deceive the problem that the user illegally collected personal information.
For example, in the embodiment of the disclosure, a test platform (or called as a test device) may automatically install and run a plurality of APPs, and automatically record occurrence time and process screenshots of various processing processes, such as a privacy policy box pop-up of an APP, a privacy policy link clicked in the privacy policy box, and a privacy policy detail page associated with the privacy policy link opened, and upload the occurrence time and the process screenshots to a storage server on a cloud platform, so as to achieve the purpose of storing certificates.
Optionally, the cloud platform can provide a query function, when a user, an application market, a supervision organization and the like wish to examine whether the APP is legally compliant in a certain period to collect the personal information of the user, a forensics query request can be sent to the cloud platform, so that the cloud platform determines the privacy policy content and the forensics information of the APP in the period based on the APP identifier in the forensics query request, and then judges the legality of the APP collecting the personal information behavior at that time in combination with the specifically collected personal information behavior of the APP.
Based on the conception process, the embodiment of the disclosure provides a privacy policy processing and evidence obtaining method, in the privacy policy processing process, the occurrence time and the process screenshot of the privacy policy processing process of application software and the privacy policy content displayed by the application software through a privacy policy detail page are obtained and stored in a storage server, and correspondingly, in the evidence obtaining process of the privacy policy, when a evidence obtaining query request is received, the privacy policy processing information of the target application software in a target time interval can be determined and output by querying the storage server, so that the behavior of collecting personal information by the application software is effectively restrained, the rights and interests of a large number of users are guaranteed, and the privacy compliance of the whole industry is improved.
The present disclosure provides a privacy policy processing method, a privacy policy forensics device, a privacy policy forensics apparatus, and a privacy policy storage medium, which are applied to the technical fields of application software, data security, information flow, natural language processing, etc. in internet applications, and are used for ensuring the legitimate rights and interests of users when using the application software.
In order to facilitate understanding of the technical solutions provided by the present disclosure, an application scenario of the embodiment of the present disclosure is first described with reference to fig. 1.
Fig. 1 is a schematic diagram of an application scenario provided in the embodiment of the present disclosure. As shown in fig. 1, the application scenario may include: two processes; wherein:
the first process is a privacy policy processing process.
Illustratively, the test equipment monitors the privacy policy processing process of the application software, responds to the privacy policy processing process of the application software, determines the occurrence time and the process screenshot of the privacy policy processing process, acquires the privacy policy content displayed by the application software through a privacy policy detail page, and finally stores the occurrence time, the process screenshot and the privacy policy content of the privacy policy processing process to a storage server in the cloud platform.
It can be understood that the privacy policy in the embodiment of the present disclosure specifically refers to the content of the privacy policy that is displayed on the privacy policy detail page by clicking the privacy policy link existing in the privacy policy pop-up box after the application software actively pops up the privacy policy pop-up box when being started for the first time. Alternatively, the privacy policy may be actively popped up at first startup after first installation or reinstallation or version update.
For example, in an embodiment of the present disclosure, referring to fig. 1, a testing device may receive a testing instruction issued from the outside, where the testing instruction may include an identifier of at least one application software, and acquire an installation file of the application software through interaction with a cloud platform, and automatically install and run the application software, and then, monitor a privacy policy processing process of the application software.
Illustratively, the processing of the privacy policy includes: and popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, opening a privacy policy detail page related to the privacy policy link and the like.
Correspondingly, referring to fig. 1, when monitoring that the application software pops out the privacy policy pop-up frame, the test device records the pop-up time of the privacy policy pop-up frame and intercepts an image when the privacy policy pop-up frame pops up, when monitoring that the privacy policy link in the privacy policy pop-up frame is clicked, records the clicked time of the privacy policy link and intercepts the image when the privacy policy link is clicked, and when monitoring that the privacy policy detail page associated with the privacy policy link is opened, records the opened time of the privacy policy detail page and intercepts the image when the privacy policy detail page is opened.
It can be understood that, as shown in fig. 1, after the test device acquires the installation file and before the application software is installed, the test device may further determine attribute information of the installation file and store the attribute information to a storage server in the cloud platform.
Optionally, the attribute information of the installation file may include a file unique identifier, file description information, and the like, where the file unique identifier is a hash value obtained by performing a hash operation on the installation file, and the file description information includes, but is not limited to: version number of installation file, download address, download date, test date, source market, etc.
The second process is a forensics process of the privacy policy.
With continued reference to fig. 1, the cloud platform may store the occurrence time and the process screenshot of the received privacy policy processing process and the privacy policy content, and may also store the attribute information of the installation file.
Correspondingly, the cloud platform can receive the evidence obtaining query request, and queries in the storage server based on the identification of the target application software and the target time interval included in the evidence obtaining query request, so as to determine and output privacy policy processing information of the target application software in the target time interval, and therefore, a query worker can judge whether the user information collected by the APP is consistent with the user information collected by the statement in the privacy policy.
It is understood that in embodiments of the present disclosure, the privacy policy processing information stored in the storage server may include, but is not limited to including:
the occurrence time and process screenshot of each process in the privacy policy process;
the file description information of the corresponding installation file of each application software comprises: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
It should be noted that fig. 1 is only an application scenario schematic diagram provided by the embodiment of the present disclosure, and the embodiment of the present disclosure does not limit specific devices included in an application scenario, for example, the application scenario may further include: terminal devices, processing devices, etc.
For example, in the application scenario shown in fig. 1, the terminal device may issue a test instruction and/or a forensic query request based on the received indication.
Optionally, the storage server in this embodiment may be privacy policy processing information for each application software, and the cloud platform in this embodiment may be a server of each device, and may provide various services.
It is understood that the position relationship between the devices shown in fig. 1 does not constitute any limitation, and for example, the storage server may be integrated in the cloud platform or may be a separate device.
It should be noted that the test device in the embodiment of the present disclosure may be a terminal device, a server, a virtual machine, or the like, or a distributed computer system composed of one or more servers and/or computers, or the like, and the embodiment of the present disclosure is not limited. The server in the embodiments of the present disclosure may be a common server or a cloud server, and the cloud server is also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system. The server may also be a server of a distributed system, or a server incorporating a blockchain. Terminal devices include, but are not limited to: smart phones, notebook computers, desktop computers, platform computers, vehicle-mounted equipment, intelligent wearable equipment and the like.
It should be noted that the product implementation form of the present disclosure is a program code included in cloud platform software and deployed on a server (which may also be hardware with computing capability such as a computing cloud or a mobile terminal). In the system architecture diagram shown in fig. 1, the program code of the present disclosure may be stored inside the test device and the cloud platform. During operation, the program code is run in the host memory and/or the GPU memory of the server.
In the embodiments of the present disclosure, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Hereinafter, the technical solution of the present disclosure will be described in detail by specific examples. It should be noted that the following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
For example, the processing of the privacy policy is first described in detail below with reference to several specific embodiments.
Fig. 2 is a flowchart illustrating a privacy policy processing method according to a first embodiment of the present disclosure. The method of this embodiment may be executed by the test apparatus in fig. 1, or may be executed by a processor in the test apparatus. In this embodiment, the method is performed by a test apparatus. As shown in fig. 2, the method for processing the privacy policy according to this embodiment may include:
s201, monitoring the privacy policy processing process of the application software.
In practical applications, the test device may execute the technical solution of the embodiments of the present disclosure on a large amount of released application software. Optionally, the test device may be a real mobile phone or a simulator or a cloud mobile phone.
For example, the test device can automatically test the privacy policy of the installed and operated application software. For example, the application software is run automatically using an automation running framework, and the privacy policy handling process of the application software is monitored.
Optionally, the test device may monitor the operation of the application software by using a monitoring tool, and specifically, monitor a privacy policy processing procedure in the application software.
S202, responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process.
For example, when monitoring the privacy policy processing procedure of the application software, the test device may record the occurrence time and the process screenshot of the privacy policy processing procedure. Alternatively, the process screenshot may be interpreted as the screenshot when the privacy policy handling process occurs.
Illustratively, the privacy policy handling process includes: popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, opening a privacy policy detail page associated with the privacy policy link, and the like, wherein the occurrence time and the process screenshot of the privacy policy processing process may include: the method comprises the steps of popping out a privacy policy pop-up box, a first page screenshot when the privacy policy pop-up box pops out, clicking time of a privacy policy link in the privacy policy pop-up box, a second page screenshot when the privacy policy link is clicked, opening time of a privacy policy detail page, a screenshot when the privacy policy detail page is opened and the like.
S203, obtaining the privacy policy content displayed by the application software through the privacy policy detail page.
Optionally, after the application software is subjected to the privacy policy processing processes, the opened privacy policy detail page may be displayed through a human-computer interaction interface of the application software, and the privacy policy content is recorded on the privacy policy detail page, so that the test device may obtain the privacy policy content displayed by the application software through the privacy policy detail page through a grabbing tool.
It is understood that in embodiments of the present disclosure, the privacy policy content is the specific content of user information specifically declared by the application software that may be collected, used, processed, disclosed during the running of the application software. Exemplary privacy policy content may include, but is not limited to including: user information, information of devices used by the user, environmental information (e.g., location) in which the user is located, and the like.
And S204, storing the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
In the embodiment of the disclosure, in order to facilitate subsequent evidence obtaining when the application software declares the used information to the user, the test device may store the occurrence time and the process screenshot of the determined privacy policy processing process and the privacy policy content to a cloud, for example, a storage server of a cloud platform, so that the user, a supervision organization, an application market, and the like may initiate verification of a behavior of collecting user information by the application software, and particularly, when the behavior of collecting user information by the application software is suspicious, effective evidence support may be improved.
It can be understood that, in practical applications, after the testing device completes one test and evidence preservation of the privacy policy for the application software, the test and evidence preservation can be repeatedly performed on a certain application software at different times, so as to obtain the evidence preservation of the privacy policy content of the application software at different time periods.
Optionally, the test device may execute the technical solution of the embodiment of the present disclosure at the same time or at different times for different application software, and the embodiment of the present disclosure does not limit the technical solution.
In the embodiment of the disclosure, the occurrence time and the process screenshot of the privacy policy processing process are determined by monitoring the privacy policy processing process of the application software, the privacy policy content displayed by the application software through the privacy policy detail page is obtained, and the occurrence time, the process screenshot of the privacy policy processing process and the privacy policy content are stored in the storage server, so that a realization guarantee is provided for subsequent forensics, the problem that the application software illegally collects user information is effectively avoided, and the user rights and interests are effectively guaranteed.
On the basis of the embodiment shown in fig. 2, the following describes a method for processing the privacy policy provided by the embodiment of the present disclosure in more detail.
Fig. 3 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the disclosure. In an embodiment of the present disclosure, the privacy policy processing procedure includes: and popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, and opening a privacy policy detail page related to the privacy policy link. Accordingly, as shown in fig. 3, the above S202 can be implemented by the following steps:
s301, responding to the popup of the privacy policy popup box of the application software, recording popup time of the privacy policy popup box and capturing a first page screenshot when the privacy policy popup box pops up.
Wherein a privacy policy link exists in the privacy policy box.
Illustratively, according to legal requirements, the application software should actively pop up a privacy policy box when it is first started, and guide the user to click on a privacy policy link in the privacy policy box, so as to present the privacy policy content on a privacy policy details page for the user to read. Therefore, when the test equipment monitors that the application software pops out the privacy policy pop-up frame, in response to the popping-up of the privacy policy pop-up frame, the test equipment records the popping-up time of the privacy policy pop-up frame of the application software, and intercepts a page when the privacy policy pop-up frame pops up to obtain a first page screenshot.
S302, responding to the fact that the privacy policy link in the privacy policy box is clicked, recording the clicked time of the privacy policy link, and capturing a second page screenshot when the privacy policy link is clicked.
In practical application, the application software gives the privacy policy link through the privacy policy pop-up box, and when the test equipment monitors that the privacy policy link in the privacy policy pop-up box is clicked, the clicked time of the privacy policy link can be recorded, the page of the clicked privacy policy link is intercepted, and the second page screenshot is obtained.
It is appreciated that in embodiments of the present disclosure, where the privacy policy link is a link that connects the privacy policy box and the privacy policy details page, the page of the application software may jump from the privacy policy box page to the privacy policy details page when the privacy policy link is clicked, and thus, in response to the privacy policy link being clicked within the privacy policy box, the privacy policy details page associated with the privacy policy link may be opened.
For example, after S301, the testing device may trigger the privacy policy link to be clicked by invoking an automated testing tool to click on the privacy policy link within the privacy policy box.
In the embodiment, the automatic testing tool is used for simulating the clicking behavior of the user, so that the automatic testing of the application software can be realized, and the testing cost is reduced.
And S303, responding to the fact that the privacy policy detail page related to the privacy policy link is opened, and recording the opened time of the privacy policy detail page and a third page screenshot when the privacy policy detail page is opened.
And privacy policy content is displayed on the privacy policy detail page.
Optionally, a privacy policy details page associated with the privacy policy link may be triggered to be opened in response to the privacy policy link of the application software being clicked. Correspondingly, when the test equipment monitors that the privacy policy detail page related to the privacy policy link is opened, the test equipment can automatically record the opening time of the privacy policy detail page and intercept the page when the privacy policy detail page is opened, so as to obtain a third page screenshot.
It can be understood that, in practical applications, the privacy policy details page is recorded with specific privacy policy contents, and the privacy policy contents can state various operations, such as collecting, processing, disclosing and the like, of the application software on various information related to the user, that is, the application software will show the privacy policy contents through the privacy policy details page.
In the embodiment of the disclosure, specific implementation of the occurrence time and the process screenshot of the processing process of determining, by the testing device, that the privacy policy pop-up box pops up, the privacy policy link in the privacy policy pop-up box is clicked, the privacy policy detail page associated with the privacy policy link is opened and the like is described, and implementation premises are provided for subsequent forensics.
On the basis of the embodiment shown in fig. 2 or fig. 3, fig. 4 is a flowchart illustrating a privacy policy processing method according to a third embodiment of the present disclosure. As shown in fig. 4, in an embodiment of the present disclosure, before the step S201, the method for processing the privacy policy may further include:
s401, obtaining a test instruction, wherein the test instruction comprises: identification of the application software.
For example, the test device may execute the privacy policy processing procedure of the application software based on external test instructions. For example, the test device may receive a test instruction sent by a plurality of objects through the terminal, and in order to clarify the tested application software, the test instruction needs to carry an identifier of the application software, so that the test device performs the processes of obtaining an installation file, installing the application software, running the application software, and processing a privacy policy in the running process of the application software.
S402, acquiring an installation file of the application software based on the identification of the application software in the test instruction.
For example, after the test device analyzes the test instruction to determine the identifier of the application software to be tested, the installation file of the application software may be acquired in a form of interaction with the cloud platform.
Optionally, after each application software is released, the installation file of the application software is usually stored in the cloud platform, so that a user can obtain the installation file of a certain application software from the cloud platform in a terminal device networking manner and perform a subsequent installation process. Therefore, in this embodiment, after receiving the test instruction, the test device may also download the installation file of the application software from the cloud platform.
And S403, installing the application software by using the installation file of the application software, and automatically running the application software.
Optionally, after the test device obtains the installation file of the application software, the application software may be automatically installed or installed on the test device based on the installation instruction, and the automatic operation framework is called to automatically operate the application software.
In one example, the automatic operation framework may be an automatic framework built by a tester based on a test task, and after the application software is installed on test equipment such as a real mobile phone, a simulator, a cloud mobile phone and the like, the application software is automatically operated by using the automatic operation framework.
Optionally, in an embodiment of the present disclosure, as shown in fig. 4, after S402, the method for processing the privacy policy may further include:
s404, determining the attribute information of the installation file.
Wherein the attribute information includes: unique file identification and file description information; the unique file identifier is a hash value obtained by performing hash operation on the installation file, and the file description information includes: the version number of the installation file, the download address, the download date, the test date and the source market.
For example, when acquiring the installation file of the application software, the testing device may record attribute information of the application software. For example, the accuracy in evidence collection can be improved by calculating the hash value of the installation file (such as MD5, SHA1, SHA256, etc.), and using it as the file unique identifier of the application software, and further recording the version number, download address, download date, test date, source market, etc. of the application software as auxiliary file description information, so as to follow up the occurrence time and process screenshot of the accurate associated privacy policy processing process.
And S405, storing the attribute information of the installation file into a storage server.
In the embodiment of the disclosure, in order to facilitate subsequent privacy policy evidence obtaining, the test device may store the determined attribute information of the installation file to a cloud, for example, a storage server of a cloud platform, so that a user, a supervision organization, an application market, and the like may initiate verification of a behavior of collecting user information by application software, and particularly, when the behavior of collecting user information by application software is suspicious, effective evidence support may be provided.
The above embodiments describe the processing of privacy policies. The privacy policy forensics process is described below in connection with several specific embodiments.
Fig. 5 is a flowchart illustrating a privacy policy forensics method according to a first embodiment of the disclosure. The method of this embodiment may be executed by the cloud platform in fig. 1, and may also be executed by a processor in the cloud platform, where the cloud platform may be referred to as a cloud server. In this embodiment, the cloud platform executes the method. As shown in fig. 5, the method for forensics of privacy policy provided by this embodiment may include:
s501, receiving a forensics inquiry request, where the forensics inquiry request includes: identification of the target application software and the target time interval.
Optionally, when the behavior of collecting personal information by the application software is suspicious, such as a user, a monitoring organization, and an application market, the privacy policy processing information of the application software in a specific time period can be queried at any time, so that the behavior of collecting personal information in violation of law of the application software is unbearable.
For example, privacy policy processing information of a large amount of application software in a large number of time periods may be stored in a storage server of the cloud platform, and when a forensics query request is received by the cloud platform, in order to enable the cloud platform to accurately determine the application software to be forensics and the forensics time period, the forensics query request needs to include an identifier of the target application software and a target time interval.
S502, inquiring a storage server based on the evidence obtaining inquiry request, and determining privacy policy processing information of the target application software in a target time interval.
The storage server stores privacy policy processing information of at least one application software.
For example, in this embodiment, the storage server stores, in the storage server, the privacy policy processing information such as the occurrence time and the process screenshot of the privacy policy processing process of at least one application software determined by the testing device in the embodiments shown in fig. 2 to fig. 4 in at least one time period, and the privacy policy content, and the at least one application software includes the target application software in the forensics inquiry request, and the at least one time period includes the target time interval. Therefore, the cloud platform can query the storage server according to the identifier of the target application software and the target time interval, and acquire the privacy policy processing information of the target application software in the target time interval.
And S503, outputting privacy policy processing information of the target application software in the target time interval.
Optionally, after determining the privacy policy processing information of the target application software in the target time interval, the cloud platform may output the privacy policy processing information.
In one example, when the cloud platform has a human-computer interaction interface, the privacy policy processing information of the target application software in the target time interval can be displayed through the human-computer interaction interface, and when the cloud platform has a voice function, the privacy policy processing information of the target application software in the target time interval can also be played.
In one example, the cloud platform may feed back privacy policy processing information of the target application software in the target time interval to the terminal device that issued the forensic query request, so that the terminal device displays or plays the privacy policy processing information.
In an embodiment of the present disclosure, by receiving a forensics query request, the forensics query request includes: and inquiring the storage server based on the evidence obtaining inquiry request, and determining and outputting privacy policy processing information of the target application software in the target time interval. According to the technical scheme, the evidence obtaining and inquiring function is provided, the behavior that the application software collects the personal information brutally can be restricted, the problem that the application software deceives the user to collect the personal information illegally is solved, the supervision cost is greatly reduced, the rights and interests of the majority of users are guaranteed, and therefore the privacy compliance level of the whole industry is improved.
On the basis of the embodiment shown in fig. 5, the following describes a method for processing the privacy policy provided by the embodiment of the present disclosure in more detail.
Exemplarily, fig. 6 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the present disclosure. As shown in fig. 6, in the embodiment of the present disclosure, the above S502 may be implemented by the following steps:
s601, inquiring a storage server based on the identification of the target application software, and positioning to a privacy policy evidence storage position of the target application software.
S602, based on the starting time and the ending time of the target time interval, obtaining the privacy policy processing information of the target application software in the target time interval from the privacy policy evidence storage position.
Illustratively, when the cloud platform determines the identifier of the target application software and the target time interval by analyzing the forensics query request, in one possible design, the information stored in the storage server is queried and is located at the privacy policy forensics position of the target application software, and then the privacy policy processing information in the target time interval is obtained from the privacy policy forensics position.
It is understood that, in another possible design of the present disclosure, the cloud platform may further determine privacy policy processing information of all application software within the target time interval based on the start time and the end time of the target time interval, and then select privacy policy processing information of the target application software based on the identifier of the target application software.
Optionally, the embodiment of the disclosure does not limit a specific implementation manner of how the cloud platform determines the privacy policy processing information of the target application software in the target time interval.
In the embodiment of the disclosure, the privacy policy evidence storing position of the target application software is firstly positioned, and then the scheme of obtaining the privacy policy processing information of the target application software in the target time interval is obtained from the privacy policy evidence storing position based on the starting time and the ending time of the target time interval, so that the privacy policy processing information of the target application software in the target time interval can be accurately and rapidly determined, and the evidence obtaining efficiency and the evidence obtaining accuracy are improved.
Optionally, in an embodiment of the present disclosure, the storage server stores the privacy policy processing information of each application software in a key-value pair manner, where a key name of the key-value pair is a unique file identifier of each application software, the unique file identifier is a hash value obtained by performing hash operation on an installation file of each application software, and a key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key-name identifier.
Illustratively, in a storage server of the cloud platform, the privacy policy processing information of each application software may exist in the form of key-value pairs (key-value), and therefore, when a forensics query request is received, the identifier of the target application software, i.e., the unique file identifier (target key), may be used as an index to locate the privacy policy validation position of the target application software, and then the privacy policy information corresponding to the unique file identifier is obtained from the located privacy policy validation position, and then the privacy policy processing information in the target time interval is obtained based on the start time and the end time of the target time interval.
Illustratively, the information in the storage server takes the hash value of the application software as the unique identifier of the corresponding installation file of the application software, and accordingly, the privacy policy processing information may include at least one of the following:
the time of occurrence and process screenshots of the privacy policy handling process;
the file description information of the corresponding installation file of each application software includes: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
The privacy policy content may be in an HTML form or a plain text file form, and this embodiment does not limit this.
Optionally, in this embodiment, the privacy policy processing information of each application software in the storage server is stored in a block chain form.
The storage server can respectively store the privacy policy processing information of each application software in a block chain form based on the receiving time, and can prevent subsequent tampering, so that the reliability of evidence obtaining is ensured.
Fig. 7 is a schematic structural diagram of a privacy policy processing apparatus according to an embodiment of the present disclosure. The privacy policy processing device provided by the embodiment may be the test equipment in fig. 1 or a device in the test equipment. As shown in fig. 7, the privacy policy processing apparatus 700 according to the present embodiment includes:
a monitoring unit 701, configured to monitor a privacy policy processing procedure of application software;
a processing unit 702, configured to determine an occurrence time and a process screenshot of a privacy policy handling process in response to the privacy policy handling process of the application software;
an obtaining unit 703, configured to obtain the content of the privacy policy displayed by the application software through a privacy policy detail page;
a sending unit 704, configured to save the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
In one possible implementation, the privacy policy processing procedure includes: popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, and opening a privacy policy detail page related to the privacy policy link;
accordingly, the processing unit 702 includes:
the first processing module is used for responding to the popup of a privacy policy popup of the application software, recording popup time of the privacy policy popup and capturing a first page screenshot when the privacy policy popup is popped up, wherein a privacy policy link exists in the privacy policy popup;
the second processing module is used for responding to the fact that the privacy policy link in the privacy policy box is clicked, recording the clicked time of the privacy policy link and capturing a second page screenshot when the privacy policy link is clicked;
and the third processing module is used for responding to the opening of the privacy policy detail page related to the privacy policy link, recording the opening time of the privacy policy detail page and a third page screenshot when the privacy policy detail page is opened, wherein the privacy policy detail page is displayed with privacy policy content.
Optionally, the first processing module is further configured to invoke an automatic testing tool to click the privacy policy link in the privacy policy box.
In a possible implementation manner, the obtaining unit 703 is further configured to:
obtaining a test instruction, wherein the test instruction comprises: an identification of the application software;
acquiring an installation file of the application software based on the identifier of the application software in the test instruction;
the processing unit 702 is further configured to install the application software by using the installation file of the application software, and automatically run the application software.
Optionally, the processing unit 702 is further configured to determine attribute information of the installation file, where the attribute information includes: the file unique identification is a hash value obtained by performing hash operation on the installation file, and the file description information includes: the version number, download address, download date, test date and source market of the installation file;
the sending unit is further configured to store the attribute information of the installation file in the storage server.
The processing apparatus of the privacy policy provided in this embodiment may be used to execute the processing method of the privacy policy according to the method embodiments shown in fig. 2 to fig. 4, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a privacy policy forensics apparatus provided in an embodiment of the present disclosure. The forensics device of the privacy policy provided by the embodiment may be the cloud platform in fig. 1 or a device in the cloud platform. As shown in fig. 8, the privacy policy forensics apparatus 800 according to the present embodiment includes:
a receiving unit 801, configured to receive a forensics query request, where the forensics query request includes: identification and target time interval of target application software;
a querying unit 802, configured to query, based on the forensics query request, a storage server in which privacy policy processing information of at least one application software is stored, and determine privacy policy processing information of the target application software in the target time interval;
an output unit 803, configured to output privacy policy processing information of the target application software in the target time interval.
In a possible implementation manner, the querying unit 802 includes:
the positioning module is used for inquiring the storage server based on the identification of the target application software and positioning to the privacy policy evidence storage position of the target application software;
and the obtaining module is used for obtaining the privacy policy processing information of the target application software in the target time interval from the privacy policy evidence storing position based on the starting time and the ending time of the target time interval.
Optionally, the storage server stores the privacy policy processing information of each application software in a key-value pair manner, where a key name of the key-value pair is a unique file identifier of each application software, the unique file identifier is a hash value obtained by performing a hash operation on an installation file of each application software, and a key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key-name identifier.
Optionally, the privacy policy processing information further includes at least one of:
the time of occurrence and process screenshots of the privacy policy handling process;
the file description information of the corresponding installation file of each application software comprises: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
Optionally, the privacy policy processing information of each application software in the storage server is stored in a blockchain form.
The forensics apparatus of privacy policy provided in this embodiment may be used to execute the forensics method of privacy policy in the embodiment of the method shown in fig. 5 or fig. 6, and the implementation principle and technical effect are similar, which are not described herein again.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
According to an embodiment of the present disclosure, the present disclosure also provides a computer program product comprising: a computer program, stored in a readable storage medium, from which at least one processor of the electronic device can read the computer program, the at least one processor executing the computer program causing the electronic device to perform the solution provided by any of the embodiments described above.
FIG. 9 shows a schematic block diagram of an example electronic device to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 9, the apparatus 900 includes a computing unit 901, which can perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM)902 or a computer program loaded from a storage unit 908 into a Random Access Memory (RAM) 903. In the RAM903, various programs and data required for the operation of the device 900 can also be stored. The calculation unit 901, ROM 902, and RAM903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.
A number of components in the device 900 are connected to the I/O interface 905, including: an input unit 906 such as a keyboard, a mouse, and the like; an output unit 907 such as various types of displays, speakers, and the like; a storage unit 908 such as a magnetic disk, optical disk, or the like; and a communication unit 909 such as a network card, a modem, a wireless communication transceiver, and the like. The communication unit 909 allows the device 900 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 901 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 901 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 901 performs the respective methods and processes described above, for example, a processing method of a privacy policy and/or a forensics method of a privacy policy. For example, in some embodiments, the privacy policy processing method and/or the privacy policy forensics method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 908. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 900 via ROM 902 and/or communications unit 909. When the computer program is loaded into RAM903 and executed by computing unit 901, one or more steps of the above-described privacy policy processing method and/or privacy policy forensics method may be performed. Alternatively, in other embodiments, the computing unit 901 may be configured by any other suitable means (e.g., by means of firmware) to perform the processing method of the privacy policy and/or the forensics method of the privacy policy.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The Server can be a cloud Server, also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service ("Virtual Private Server", or simply "VPS"). The server may also be a server of a distributed system, or a server incorporating a blockchain.
It should be understood that various forms of the flows shown above, reordering, adding or deleting steps, may be used. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.
Claims (23)
1. A privacy policy processing method, comprising:
monitoring a privacy policy processing process of application software;
responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process;
obtaining privacy policy content displayed by the application software through a privacy policy detail page;
and saving the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
2. The method of claim 1, wherein the privacy policy handling procedure comprises: popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, and opening a privacy policy detail page related to the privacy policy link;
correspondingly, the determining the occurrence time and the process screenshot of the privacy policy processing procedure in response to the privacy policy processing procedure of the application software comprises:
responding to the popup of a privacy policy popup box of the application software, recording popup time of the privacy policy popup box and capturing a first page screenshot when the privacy policy popup box pops up, wherein a privacy policy link exists in the privacy policy popup box;
in response to a privacy policy link in the privacy policy box being clicked, recording the clicked time of the privacy policy link, and capturing a second page screenshot of the privacy policy link when the privacy policy link is clicked;
and in response to the privacy policy details page associated with the privacy policy link being opened, recording the opened time of the privacy policy details page and a third page screenshot when the privacy policy details page is opened, wherein the privacy policy details page has privacy policy content displayed thereon.
3. The method of claim 2, further comprising, after the recording of the time the privacy policy box pops up and capturing the first page shot at the time the privacy policy box pops up in response to the privacy policy box pop up of the application software:
and calling an automatic testing tool to click the privacy policy link in the privacy policy box.
4. The method of any of claims 1 to 3, further comprising, prior to the monitoring the privacy policy handling process of the application software:
obtaining a test instruction, wherein the test instruction comprises: an identification of the application software;
acquiring an installation file of the application software based on the identifier of the application software in the test instruction;
and installing the application software by using the installation file of the application software, and automatically running the application software.
5. The method of claim 4, further comprising, after said obtaining the installation file of the application software based on the identification of the application software in the test instruction, the following:
determining attribute information of the installation file, wherein the attribute information comprises: the file unique identification is a hash value obtained by performing hash operation on the installation file, and the file description information includes: the version number, the download address, the download date, the test date and the source market of the installation file;
and storing the attribute information of the installation file to the storage server.
6. A method of forensics of a privacy policy, comprising:
receiving a forensics inquiry request, wherein the forensics inquiry request comprises: identification and target time interval of target application software;
inquiring a storage server based on the evidence obtaining inquiry request, and determining privacy policy processing information of the target application software in the target time interval, wherein the privacy policy processing information of at least one application software is stored in the storage server;
and outputting privacy policy processing information of the target application software in the target time interval.
7. The method of claim 6, wherein said querying a storage server based on the forensic query request to determine privacy policy processing information for the target application software within the target time interval comprises:
based on the identification of the target application software, inquiring the storage server and positioning to a privacy policy evidence storage position of the target application software;
and acquiring privacy policy processing information of the target application software in the target time interval from the privacy policy evidence storage position based on the starting time and the ending time of the target time interval.
8. The method according to claim 6 or 7, wherein the storage server stores the privacy policy processing information of each application software in a key-value pair manner, the key name of the key-value pair is a unique file identifier of each application software, the unique file identifier is a hash value obtained by performing a hash operation on an installation file of each application software, and the key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key-name identifier.
9. The method of claim 8, wherein the privacy policy processing information includes at least one of:
the time of occurrence and process screenshots of the privacy policy handling process;
the file description information of the corresponding installation file of each application software comprises: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
10. The method of any one of claims 6 to 9, wherein the privacy policy handling information of each application in the storage server is stored in a blockchain form.
11. An apparatus for processing a privacy policy, comprising:
the monitoring unit is used for monitoring the privacy policy processing process of the application software;
the processing unit is used for responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process;
the acquisition unit is used for acquiring the privacy policy content displayed by the application software through a privacy policy detail page;
and the sending unit is used for saving the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
12. The apparatus of claim 11, wherein the privacy policy handling procedure comprises: popping up a privacy policy pop frame, clicking a privacy policy link in the privacy policy pop frame, and opening a privacy policy detail page related to the privacy policy link;
correspondingly, the processing unit comprises:
the first processing module is used for responding to the popup of a privacy policy popup of the application software, recording popup time of the privacy policy popup and capturing a first page screenshot when the privacy policy popup is popped up, wherein a privacy policy link exists in the privacy policy popup;
the second processing module is used for responding to the fact that the privacy policy link in the privacy policy box is clicked, recording the clicked time of the privacy policy link and capturing a second page screenshot when the privacy policy link is clicked;
and the third processing module is used for responding to the opening of the privacy policy detail page related to the privacy policy link, recording the opening time of the privacy policy detail page and a third page screenshot when the privacy policy detail page is opened, wherein the privacy policy detail page is displayed with privacy policy content.
13. The apparatus of claim 12, the first processing module further configured to invoke an automated testing tool to click on a privacy policy link within the privacy policy box.
14. The apparatus according to any one of claims 11 to 13, the obtaining unit being further configured to:
obtaining a test instruction, wherein the test instruction comprises: an identification of the application software;
acquiring an installation file of the application software based on the identifier of the application software in the test instruction;
the processing unit is further configured to install the application software by using the installation file of the application software, and automatically run the application software.
15. The apparatus of claim 14, the processing unit further configured to determine attribute information of the installation file, the attribute information comprising: the file unique identification is a hash value obtained by performing hash operation on the installation file, and the file description information includes: the version number, download address, download date, test date and source market of the installation file;
the sending unit is further configured to store the attribute information of the installation file in the storage server.
16. A privacy policy forensics apparatus comprising:
a receiving unit, configured to receive a forensics inquiry request, where the forensics inquiry request includes: identification and target time interval of target application software;
the inquiring unit is used for inquiring a storage server based on the evidence obtaining inquiring request, and determining privacy policy processing information of the target application software in the target time interval, wherein the privacy policy processing information of at least one application software is stored in the storage server;
and the output unit is used for outputting privacy policy processing information of the target application software in the target time interval.
17. The apparatus of claim 16, wherein the query unit comprises:
the positioning module is used for inquiring the storage server based on the identification of the target application software and positioning to the privacy policy evidence storage position of the target application software;
and the obtaining module is used for obtaining the privacy policy processing information of the target application software in the target time interval from the privacy policy evidence storing position based on the starting time and the ending time of the target time interval.
18. The apparatus according to claim 16 or 17, wherein the storage server stores the privacy policy processing information of each application software in a key-value pair manner, a key name of the key-value pair is a unique file identifier of each application software, the unique file identifier is a hash value obtained by performing a hash operation on an installation file of each application software, and a key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key-name identifier.
19. The apparatus of claim 18, wherein the privacy policy processing information comprises at least one of:
the time of occurrence and process screenshots of the privacy policy handling process;
the file description information of the corresponding installation file of each application software comprises: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
20. The apparatus of any one of claims 16 to 19, wherein the privacy policy handling information of each application in the storage server is stored in a blockchain form.
21. An electronic device, comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein the content of the first and second substances,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of any one of claims 1 to 5 or to perform the method of any one of claims 6 to 10.
22. A non-transitory computer readable storage medium storing computer instructions for causing a computer to perform the method of any one of claims 1 to 5 or the method of any one of claims 6 to 10.
23. A computer program product comprising a computer program which, when executed by a processor, carries out the steps of the method of any one of claims 1 to 5 or carries out the steps of the method of any one of claims 6 to 10.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210133704.0A CN114462030A (en) | 2022-02-14 | 2022-02-14 | Privacy policy processing and evidence obtaining method, device, equipment and storage medium |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210133704.0A CN114462030A (en) | 2022-02-14 | 2022-02-14 | Privacy policy processing and evidence obtaining method, device, equipment and storage medium |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114462030A true CN114462030A (en) | 2022-05-10 |
Family
ID=81413924
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210133704.0A Pending CN114462030A (en) | 2022-02-14 | 2022-02-14 | Privacy policy processing and evidence obtaining method, device, equipment and storage medium |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114462030A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114676432A (en) * | 2022-05-26 | 2022-06-28 | 河北兰科网络工程集团有限公司 | APP privacy compliance checking method, terminal and system |
-
2022
- 2022-02-14 CN CN202210133704.0A patent/CN114462030A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN114676432A (en) * | 2022-05-26 | 2022-06-28 | 河北兰科网络工程集团有限公司 | APP privacy compliance checking method, terminal and system |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9215245B1 (en) | Exploration system and method for analyzing behavior of binary executable programs | |
| US20130117855A1 (en) | Apparatus for automatically inspecting security of applications and method thereof | |
| CN113489713B (en) | Network attack detection method, device, equipment and storage medium | |
| US11025660B2 (en) | Impact-detection of vulnerabilities | |
| CN110489310B (en) | Method and device for recording user operation, storage medium and computer equipment | |
| WO2020161622A1 (en) | Automatic mitigation of corrupted or compromised compute resources | |
| US11916964B2 (en) | Dynamic, runtime application programming interface parameter labeling, flow parameter tracking and security policy enforcement using API call graph | |
| CN109831351B (en) | Link tracking method, device, terminal and storage medium | |
| CN111654495B (en) | Method, apparatus, device and storage medium for determining traffic generation source | |
| US10262133B1 (en) | System and method for contextually analyzing potential cyber security threats | |
| US9569335B1 (en) | Exploiting software compiler outputs for release-independent remote code vulnerability analysis | |
| CN108156127B (en) | Network attack mode judging device, judging method and computer readable storage medium thereof | |
| CN114462030A (en) | Privacy policy processing and evidence obtaining method, device, equipment and storage medium | |
| EP4160421A1 (en) | Method and apparatus for obtaining browser running data, and storage medium | |
| CN116595523A (en) | Multi-engine file detection method, system, equipment and medium based on dynamic arrangement | |
| US20220334744A1 (en) | Method, electronic device, and computer program product for processing data | |
| CN115658478A (en) | Test case screening method and device, electronic equipment and storage medium | |
| CN115310096A (en) | Security vulnerability processing method, device, equipment and medium | |
| CN115051867A (en) | Detection method and device for illegal external connection behaviors, electronic equipment and medium | |
| US20200304539A1 (en) | Detecting denial of service attacks in serverless computing | |
| CN114969759B (en) | Asset security assessment method, device, terminal and medium of industrial robot system | |
| US20230169170A1 (en) | Techniques for fixing configuration and for fixing code using contextually enriched alerts | |
| US20230367871A1 (en) | Event-triggered forensics capture | |
| CN113590425A (en) | Data processing method, apparatus, device, medium, and program product | |
| CN117852043A (en) | Determination method and device for abnormal device, electronic device and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |