CN114625381A - Privacy policy text acquisition method, system and terminal - Google Patents
Privacy policy text acquisition method, system and terminal Download PDFInfo
- Publication number
- CN114625381A CN114625381A CN202210062414.1A CN202210062414A CN114625381A CN 114625381 A CN114625381 A CN 114625381A CN 202210062414 A CN202210062414 A CN 202210062414A CN 114625381 A CN114625381 A CN 114625381A
- Authority
- CN
- China
- Prior art keywords
- page
- privacy policy
- installation package
- mobile terminal
- application installation
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Images
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/60—Software deployment
- G06F8/61—Installation
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
Landscapes
- Engineering & Computer Science (AREA)
- Software Systems (AREA)
- Theoretical Computer Science (AREA)
- General Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Computer Hardware Design (AREA)
- Telephone Function (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a method, a system and a terminal for acquiring a privacy policy text, wherein the method comprises the following steps: acquiring an application installation package, and installing the application installation package on a mobile terminal; running and traversing the application installation package installed on the mobile terminal, and simulating manual operation of the application; monitoring the page of the application installation package operated by the mobile terminal, and acquiring page elements of the operated page; extracting the text information in the page elements, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information; and if the page is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed. According to the invention, the privacy policy of the application is acquired through automatic traversal, so that the efficiency is high and the universality is strong.
Description
Technical Field
The invention relates to the technical field of computer application, in particular to a method, a system, a terminal and a storage medium for acquiring a privacy policy text.
Background
The application safety compliance detection system is used for comprehensively detecting non-compliance items in mobile application and comprises an App collecting and using personal information behavior, a personal information storage mode, third-party SDK behavior analysis, and other violation laws and regulations, wherein the App carries out evaluation on user rights and interests guarantee and the like. As government supervision platforms pay more and more attention to privacy and personal information protection of users, compliance of mobile applications has certain requirements.
Privacy policy text: privacy policy text for various Applications (APPs). The privacy policy of APP may also be referred to as a user privacy protocol, a user privacy policy, a privacy policy, and the like. Generally, when a user registers an APP or uses the APP to provide a service, an APP operator displays a privacy policy text to the user, and declares a range of collected user information and corresponding rights and obligations in the privacy policy text. For example: personal information of a user, authority equipment information, APP product definition, APP function information, information of the APP for guaranteeing and collecting the user information, right and obligation information of the user and the like which need to be collected can be written in the privacy policy text.
As a supervision platform, identifying whether a mobile application is in compliance, analyzing a privacy policy text of the application, and obtaining a privacy policy of the application as an important step, wherein an implicit policy is a policy measure formulated for protecting personal privacy; the mobile application privacy policy is required to be independently written, displayed for a user to read and required to be agreed by a supervision department; including collecting, processing, using, storing, sharing, transferring, or publicly disclosing relevant personal information without infringing legitimate rights and interests of others.
In the prior art, the applied privacy policy is manually acquired, so that the efficiency is low, or the uploaded privacy policy cannot be determined whether to be matched with the applied privacy policy or not by uploading the privacy policy by a developer, and the uploaded privacy policy is not universal; that is, the prior art cannot automatically acquire the privacy policy text of the application.
Accordingly, there is a need for improvements and developments in the art.
Disclosure of Invention
The invention mainly aims to provide a method, a system and a terminal for acquiring a privacy policy text, and aims to solve the problem that the privacy policy text cannot be automatically acquired in the prior art.
In order to achieve the above object, the present invention provides a method for obtaining a privacy policy text, including the steps of:
acquiring an application installation package, and installing the application installation package on a mobile terminal;
running and traversing the application installation package installed on the mobile terminal, and simulating manual operation of the application;
monitoring the page of the application installation package operated by the mobile terminal, and acquiring page elements of the operated page;
extracting the text information in the page elements, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information;
and if the page is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed.
Optionally, the privacy policy text obtaining method includes, where the obtaining of the application installation package and the installing of the application installation package on the mobile terminal specifically include:
and the installation program executes a system command adb install and installs the application installation package apk on the mobile terminal according to the apk file path.
Optionally, the method for obtaining a privacy policy text, wherein the running of the application installation package installed on the mobile terminal specifically includes:
and the operating program execution system commands the adb shell am start-n, and the application installation package apk is operated on the mobile terminal according to the apk package name.
Optionally, the privacy policy text obtaining method, wherein the simulating of the manually operated application specifically includes:
and compiling a script, and executing the self command of the Android system by using an adb tool to realize the simulation of manual operation.
Optionally, the privacy policy text obtaining method, wherein the simulating manual operation includes: click, slide, and enter.
Optionally, the method for obtaining the privacy policy text, where the monitoring the page where the mobile terminal runs the application installation package, and obtaining the page element of the running page specifically include:
and monitoring the page of the application installation package apk operated by the mobile terminal, and acquiring the page element of the current interface of the mobile terminal in real time through an Android system tool.
Optionally, the method for obtaining a privacy policy text, where the extracting text information in the page element, and determining whether the corresponding page is a privacy policy page according to a keyword in the text information includes:
and if the current page is not the privacy policy page, continuously judging whether the next page is the privacy policy page or not.
In addition, to achieve the above object, the present invention further provides a privacy policy text acquisition system, wherein the privacy policy text acquisition system includes:
the obtaining and installing module is used for obtaining an application installation package and installing the application installation package on the mobile terminal;
the operation traversing module is used for operating and traversing the application installation package installed on the mobile terminal and simulating manual operation of the application;
the monitoring acquisition module is used for monitoring the page of the application installation package operated by the mobile terminal and acquiring the page elements of the operating page;
the extraction and judgment module is used for extracting the text information in the page elements and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information;
and the storage display module is used for taking the content of the stored interface element as a privacy policy text and displaying the privacy policy text if the stored interface element is a privacy policy page.
In addition, to achieve the above object, the present invention further provides a terminal, wherein the terminal includes: a memory, a processor, and a privacy policy text acquisition program stored on the memory and executable on the processor, the privacy policy text acquisition program when executed by the processor implementing the steps of the privacy policy text acquisition method as described above.
In addition, to achieve the above object, the present invention further provides a storage medium, wherein the storage medium stores a privacy policy text acquisition program, and the privacy policy text acquisition program, when executed by a processor, implements the steps of the privacy policy text acquisition method as described above.
The method comprises the steps of obtaining an application installation package, and installing the application installation package on a mobile terminal; running and traversing the application installation package installed on the mobile terminal, and simulating manual operation of the application; monitoring the page of the application installation package operated by the mobile terminal, and acquiring page elements of the operated page; extracting the text information in the page elements, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information; and if the page is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed. According to the invention, the privacy policy of the application is acquired through automatic traversal, so that the efficiency is high and the universality is strong.
Drawings
FIG. 1 is a flow chart of a preferred embodiment of a privacy policy text acquisition method of the present invention;
FIG. 2 is a schematic diagram of a preferred embodiment of the privacy policy text acquisition system of the present invention;
fig. 3 is a schematic operating environment diagram of a terminal according to a preferred embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer and clearer, the present invention is further described in detail below with reference to the accompanying drawings and examples. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention.
As shown in fig. 1, the method for obtaining a privacy policy text according to a preferred embodiment of the present invention includes the following steps:
and step S10, obtaining the application installation package, and installing the application installation package on the mobile terminal.
Specifically, after an application installation package APK (Android application package, which is an application package file format used by an Android operating system and used for distributing and installing mobile applications and middleware) is obtained, codes of an Android application program are compiled and then packaged into a file which can be identified by the Android system to be operated, wherein the file format which can be identified and operated by the Android system is ' APK ', an APK file contains a compiled code file ([ dex file), ' resources ], a native resource file ([ assets ], a certificate ([ certificates ], and a manifest file) ], an installer executes a system command adb install, and installing an application installation package apk on the mobile terminal according to the apk file path, for example, automatically installing an application to the mobile terminal (mobile phone).
And step S20, running and traversing the application installation package installed on the mobile terminal, and simulating to run the operation application manually.
Specifically, the running program execution system commands adb shell am start-n, and runs the application installation package apk on the mobile terminal according to the apk package name, for example, to open a specified application (to-be-detected application) on a mobile phone.
The method comprises the steps of compiling a script, and executing an Android system self command by using an adb tool (the adb tool is Android Debug Bridge, Android Debug Bridge tools are command line windows and are used for interacting with a simulator or real equipment through a computer terminal), so that operations such as clicking, sliding and inputting are realized, and manual operation is simulated (manual clicking of a mobile phone is simulated, and application is operated).
And step S30, monitoring the page of the application installation package operated by the mobile terminal, and acquiring the page element of the operation page.
Specifically, the method includes monitoring a page of the application installation package apk run by the mobile terminal, and running an Android system tool (for example, the uautorator is an internal tool carried by the Android system, and is available on each mobile phone, and the tool can be run to obtain contents (for example, digitalized contents, not pictures) displayed on a mobile phone screen, and the contents are called "page elements") of a current interface of the mobile terminal.
And step S40, extracting the text information in the page element, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information.
Specifically, the acquired page elements include displayed text information, and whether the page is a privacy policy page is determined by keywords (e.g., keywords such as privacy and protection protocol). For example, if the word "privacy policy" is included in the page element, it may be determined to be a privacy policy in the first place.
And step S50, if the interface element is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed.
Specifically, if the interface element is a privacy policy page, the interface element content is saved, and the saved content is the privacy policy content. For example, if the privacy policy states that the application only needs to use the access photo album right for photo album management, the application is found to use not only the access photo album right but also the call right, the location right, etc. according to the analysis of the data generated at runtime. Indicating that the application is not compliant.
In addition, if the current page is not the privacy policy page, whether the next page is the privacy policy page is continuously judged.
The method and the device have the advantages that the apk is installed on the mobile phone and started, the apk is automatically operated and automatically traversed, the page on the mobile phone is monitored, whether the privacy policy exists or not is judged through the key words, if the privacy policy exists, the privacy policy text displayed on the mobile phone is obtained, the privacy policy text is automatically obtained, and the efficiency of obtaining the privacy policy text is high, and the applicability is strong.
Further, as shown in fig. 2, based on the above method for obtaining a privacy policy text, the present invention also provides a system for obtaining a privacy policy text, where the system for obtaining a privacy policy text comprises:
the obtaining and installing module 51 is configured to obtain an application installation package, and install the application installation package on the mobile terminal;
the running traversing module 52 is used for running and traversing the application installation package installed on the mobile terminal and simulating the manual running of the operation application;
a monitoring obtaining module 53, configured to monitor a page where the mobile terminal runs the application installation package, and obtain a page element of a running page;
the extraction and judgment module 54 is configured to extract text information in the page element, and judge whether a corresponding page is a privacy policy page according to a keyword in the text information;
and the saving display module 55 is configured to, if the interface element is a privacy policy page, use the content of the saving interface element as a privacy policy text, and display the privacy policy text.
Further, as shown in fig. 3, based on the above method for acquiring a privacy policy text, the present invention further provides a terminal, where the terminal includes a processor 10, a memory 20, and a display 30. Fig. 3 shows only some of the components of the terminal, but it should be understood that not all of the shown components are required to be implemented, and that more or fewer components may be implemented instead.
The memory 20 may in some embodiments be an internal storage unit of the terminal, such as a hard disk or a memory of the terminal. The memory 20 may also be an external storage device of the terminal in other embodiments, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), and the like provided on the terminal. Further, the memory 20 may also include both an internal storage unit and an external storage device of the terminal. The memory 20 is used for storing application software installed in the terminal and various types of data, such as program codes of the installation terminal. The memory 20 may also be used to temporarily store data that has been output or is to be output. In one embodiment, the memory 20 stores a privacy policy text acquisition program 40, and the privacy policy text acquisition program 40 is executable by the processor 10 to implement the privacy policy text acquisition method of the present application.
The processor 10 may be, in some embodiments, a Central Processing Unit (CPU), a microprocessor or other data Processing chip, and is configured to execute program codes stored in the memory 20 or process data, such as executing the privacy policy text obtaining method.
The display 30 may be an LED display, a liquid crystal display, a touch-sensitive liquid crystal display, an OLED (Organic Light-Emitting Diode) touch panel, or the like in some embodiments. The display 30 is used for displaying information at the terminal and for displaying a visual user interface. The components 10-30 of the terminal communicate with each other via a system bus.
In one embodiment, the following steps are implemented when the processor 10 executes the privacy policy text acquisition program 40 in the memory 20:
acquiring an application installation package, and installing the application installation package on a mobile terminal;
running and traversing the application installation package installed on the mobile terminal, and simulating manual operation of the application;
monitoring the page of the application installation package operated by the mobile terminal, and acquiring page elements of the operated page;
extracting the text information in the page elements, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information;
and if the page is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed.
The obtaining of the application installation package and the installing of the application installation package on the mobile terminal specifically include:
and the installation program executes a system command adb install and installs the application installation package apk on the mobile terminal according to the apk file path.
The running of the application installation package installed on the mobile terminal specifically includes:
and the operating program execution system commands the adb shell am start-n, and the application installation package apk is operated on the mobile terminal according to the apk package name.
The simulation of the manual operation application specifically comprises the following steps:
and compiling a script, and executing the self command of the Android system by using an adb tool to realize the simulation of manual operation.
Wherein the simulating manual operation comprises: click, slide, and enter.
The monitoring the page of the application installation package run by the mobile terminal, and acquiring the page element of the running page specifically includes:
and monitoring the page of the application installation package apk operated by the mobile terminal, and acquiring the page element of the current interface of the mobile terminal in real time through an Android system tool.
Wherein, the extracting the text information in the page element, and judging whether the corresponding page is a privacy policy page according to the keywords in the text information, and then further comprising:
and if the current page is not the privacy policy page, continuously judging whether the next page is the privacy policy page or not.
The present invention also provides a storage medium, wherein the storage medium stores a privacy policy text acquisition program, and the privacy policy text acquisition program, when executed by a processor, implements the steps of the privacy policy text acquisition method as described above.
In summary, the present invention provides a method, a system, a terminal and a storage medium for obtaining a privacy policy text, where the method includes: acquiring an application installation package, and installing the application installation package on a mobile terminal; running and traversing the application installation package installed on the mobile terminal, and simulating manual operation of the application; monitoring the page of the application installation package operated by the mobile terminal, and acquiring page elements of the operated page; extracting the text information in the page elements, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information; and if the page is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed. According to the invention, the privacy policy of the application is acquired through automatic traversal, so that the efficiency is high and the universality is strong.
Of course, it will be understood by those skilled in the art that all or part of the processes of the methods of the above embodiments may be implemented by a computer program instructing relevant hardware (such as a processor, a controller, etc.), and the program may be stored in a computer readable storage medium, and when executed, the program may include the processes of the above method embodiments. The storage medium may be a memory, a magnetic disk, an optical disk, etc.
It is to be understood that the invention is not limited to the examples described above, but that modifications and variations may be effected thereto by those of ordinary skill in the art in light of the foregoing description, and that all such modifications and variations are intended to be within the scope of the invention as defined by the appended claims.
Claims (10)
1. A privacy policy text acquisition method is characterized by comprising the following steps:
acquiring an application installation package, and installing the application installation package on a mobile terminal;
running and traversing the application installation package installed on the mobile terminal, and simulating manual operation of the application;
monitoring the page of the application installation package operated by the mobile terminal, and acquiring page elements of the operated page;
extracting the text information in the page elements, and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information;
and if the page is a privacy policy page, the content of the interface element is saved as a privacy policy text, and the privacy policy text is displayed.
2. The method for obtaining the privacy policy text according to claim 1, wherein the obtaining the application installation package and installing the application installation package on the mobile terminal specifically includes:
and the installation program executes a system command adb install and installs the application installation package apk on the mobile terminal according to the apk file path.
3. The method according to claim 2, wherein the running of the application installation package installed on the mobile terminal specifically includes:
and the operating program execution system commands the adb shell am start-n, and the application installation package apk is operated on the mobile terminal according to the apk package name.
4. The privacy policy text acquisition method according to claim 3, wherein the simulating of the manual operation of the operation application specifically comprises:
and compiling a script, and executing the self command of the Android system by using an adb tool to realize the simulation of manual operation.
5. The privacy policy text retrieval method of claim 4, wherein the simulating manual operation comprises: click, slide, and enter.
6. The method according to claim 4, wherein the monitoring of the page of the application installation package run by the mobile terminal and the obtaining of the page element of the running page specifically include:
and monitoring the page of the application installation package apk operated by the mobile terminal, and acquiring the page element of the current interface of the mobile terminal in real time through an Android system tool.
7. The method for obtaining privacy policy text according to claim 1, wherein the extracting text information in the page element, and determining whether the corresponding page is a privacy policy page according to a keyword in the text information, further comprising:
and if the current page is not the privacy policy page, continuously judging whether the next page is the privacy policy page or not.
8. A privacy policy text acquisition system, the privacy policy text acquisition system comprising:
the obtaining and installing module is used for obtaining an application installation package and installing the application installation package on the mobile terminal;
the operation traversing module is used for operating and traversing the application installation package installed on the mobile terminal and simulating manual operation of the application;
the monitoring acquisition module is used for monitoring the page of the application installation package operated by the mobile terminal and acquiring the page elements of the operating page;
the extraction and judgment module is used for extracting the text information in the page elements and judging whether the corresponding page is a privacy policy page or not according to the keywords in the text information;
and the storage display module is used for taking the content of the stored interface element as a privacy policy text and displaying the privacy policy text if the stored interface element is a privacy policy page.
9. A terminal, characterized in that the terminal comprises: a memory, a processor, and a privacy policy text acquisition program stored on the memory and executable on the processor, the privacy policy text acquisition program when executed by the processor implementing the steps of the privacy policy text acquisition method of any one of claims 1-7.
10. A storage medium storing a privacy policy text acquisition program that, when executed by a processor, performs the steps of the privacy policy text acquisition method of any one of claims 1-7.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210062414.1A CN114625381A (en) | 2022-01-19 | 2022-01-19 | Privacy policy text acquisition method, system and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202210062414.1A CN114625381A (en) | 2022-01-19 | 2022-01-19 | Privacy policy text acquisition method, system and terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN114625381A true CN114625381A (en) | 2022-06-14 |
Family
ID=81898581
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202210062414.1A Pending CN114625381A (en) | 2022-01-19 | 2022-01-19 | Privacy policy text acquisition method, system and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN114625381A (en) |
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115587352A (en) * | 2022-10-10 | 2023-01-10 | 奇安信科技集团股份有限公司 | Privacy security monitoring method and device, electronic equipment and storage medium |
-
2022
- 2022-01-19 CN CN202210062414.1A patent/CN114625381A/en active Pending
Cited By (1)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN115587352A (en) * | 2022-10-10 | 2023-01-10 | 奇安信科技集团股份有限公司 | Privacy security monitoring method and device, electronic equipment and storage medium |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110990020A (en) | Software compiling method and device, electronic equipment and storage medium | |
| US20120047579A1 (en) | Information device, program, method for preventing execution of unauthorized program code, and computer readable recording medium | |
| CN112100072A (en) | Static detection method, device, equipment and medium for application program codes | |
| CN110727595B (en) | Application login interface identification method, intelligent terminal and storage medium | |
| CN110659210A (en) | Information acquisition method and device, electronic equipment and storage medium | |
| US10685298B2 (en) | Mobile application compatibility testing | |
| CN114625381A (en) | Privacy policy text acquisition method, system and terminal | |
| CN108090352B (en) | Detection system and detection method | |
| CN110737463A (en) | analysis method of key function source information, intelligent terminal and storage medium | |
| CN113360379B (en) | Program test environment creation method and program test environment creation apparatus | |
| CN108845924B (en) | Control response area display control method, electronic device, and storage medium | |
| CN113869789A (en) | Risk monitoring method and device, computer equipment and storage medium | |
| CN110334523B (en) | Vulnerability detection method and device, intelligent terminal and storage medium | |
| CN112579475A (en) | Code testing method, device, equipment and readable storage medium | |
| CN112068932A (en) | Application program integration and monitoring method, device, system, equipment and medium | |
| US8291389B2 (en) | Automatically detecting non-modifying transforms when profiling source code | |
| CN108520063B (en) | Event log processing method and device and terminal equipment | |
| CN105446785A (en) | Method and system for unloading application program | |
| Liu et al. | PF-Miner: A practical paired functions mining method for Android kernel in error paths | |
| CN115562962A (en) | Method and device for analyzing model reasoning performance and electronic equipment | |
| Wu et al. | CydiOS: A Model-Based Testing Framework for iOS Apps | |
| CN114741700A (en) | Public component library vulnerability availability analysis method and device based on symbolic taint analysis | |
| CN114626022A (en) | Method, system and terminal for detecting compliance of application permission | |
| CN113656251A (en) | Method for monitoring application program behavior and related product | |
| CN114238130A (en) | Performance test method, device, equipment and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination |