CN115525875A - Android privacy protection method and device and storage medium - Google Patents


Info

Publication number
CN115525875A
Authority
CN
China
Prior art keywords
request
application
intercepting
authority
requested
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211136927.9A
Other languages
Chinese (zh)
Inventor
陈滨
梁晓斌
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xiamen Armored Network Co ltd
Original Assignee
Xiamen Armored Network Co ltd

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/10 Protecting distributed programs or content, e.g. vending or licensing of copyrighted material; Digital rights management [DRM]
    • G06F21/105 Arrangements for software license management or administration, e.g. for managing licenses at corporate level
    • G06F21/30 Authentication, i.e. establishing the identity or authorisation of security principals
    • G06F21/31 User authentication
    • G06F21/60 Protecting data
    • G06F21/604 Tools and structures for managing or administering access control systems
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Abstract

The application provides an Android privacy protection method in which the interception step is selected according to the ROOT state of the device. Through a global privacy compliance service started on the ROOT Android device and privacy protection rules issued by a server on the ROOT Android device, the method monitors the behavior of acquiring privacy information when an application that is not privacy-compliant is started, intercepts that behavior and dynamically forges the privacy information, achieving the technical effect that the application can still run normally without obtaining the real privacy information.

Description

Android privacy protection method and device and storage medium
Technical Field
The present application relates to the field of data security technologies, and in particular to a method, a device and a storage medium for Android privacy protection.
Background
At present, users of Android devices commonly install software by side-loading, and most side-loaded applications are not privacy-compliant. The Android system has no good method for protecting user privacy: such applications forcibly demand privacy permissions and privacy information and cannot run unless the relevant permissions are granted, which easily leads to leakage of the user's privacy information.
Disclosure of Invention
In order to solve the above technical problems, the application provides an Android privacy protection method, device and storage medium.
In a first aspect, the present application provides an Android privacy protection method, including the following steps:
ROOT determination step: determining the ROOT state of the device when an application requests a permission; if the device is in the ROOT state, executing a first interception step, otherwise executing a second interception step;
a first interception step: using root permission to modify LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService in the server file so as to intercept the application's permission request;
a second interception step: matching the package name of the current application and the requested permission against the privacy protection rules issued by a server; if a rule matches, intercepting or forging the requested permission according to the matched rule, otherwise releasing the requested permission;
wherein intercepting or forging the requested permission according to the matched rule specifically comprises: if the requested permission is a network request and the application is running in the background, intercepting the application's network request; if the requested permission is a location information request, intercepting or forging it through a proxy LocationService; if the requested permission is an app information request, intercepting or forging it through a proxy PackageManagerService; if the requested permission is a wifi information request, intercepting or forging it through a proxy WiFiService; if the requested permission is a DeviceIdentity request, intercepting or forging it through a proxy TelephonyService; and if the requested permission is a camera request, intercepting it through a proxy Camera service.
With this technical solution, through the global privacy compliance service started on the ROOT Android device and the privacy protection rules issued by the server on the ROOT Android device, the behavior of acquiring privacy information is monitored when an application that is not privacy-compliant is started, that behavior is intercepted and the privacy information is dynamically forged, achieving the technical effect that the application can still run normally without obtaining the real privacy information.
Preferably, the method further comprises a dynamic configuration step: after the system version is updated, uploading the current system version information, device model and environment information over the network, and requesting the server to issue the privacy rule protection file supported by the corresponding system version.
Preferably, the privacy rule protection file includes the service class name for the current system version, the name of the service method to intercept, and the data type to be intercepted.
Preferably, if the device is not in the ROOT state, the application is installed in a sandbox, and the second interception step is performed using the sandbox.
Preferably, the method further comprises a floating window type modification step: adding a LayoutParams type check in the hijacked Android WindowManagerService, and if the type is a system floating window type, changing it to an in-application floating window.
Preferably, if the requested permission is a network request and the application is running in the background, intercepting the application's network request specifically includes: adding hooks for the send, recv, socket, connect or bind network functions in C++ code by using the Slimhook Native library; when the application calls the connect and bind functions, determining whether the current application is in the background, and if so, returning a call failure.
In a second aspect, the present application also provides an Android privacy protection device, the device comprising:
a ROOT determination module: configured to determine the ROOT state of the device when an application requests a permission;
a first interception module: configured to use root permission to modify LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService in the jar file so as to intercept the application's permission request;
a second interception module: configured to match the package name of the current application and the requested permission against the privacy protection rules issued by the server, to intercept or forge the requested permission according to the matched rule if a rule matches, and otherwise to release the requested permission;
wherein intercepting or forging the requested permission according to the matched rule specifically comprises: if the requested permission is a network request and the application is running in the background, intercepting the application's network request; if the requested permission is a location information request, intercepting or forging it through a proxy LocationService; if the requested permission is an app information request, intercepting or forging it through a proxy PackageManagerService; if the requested permission is a wifi information request, intercepting or forging it through a proxy WiFiService; if the requested permission is a DeviceIdentity request, intercepting or forging it through a proxy TelephonyService; and if the requested permission is a camera request, intercepting it through a proxy Camera service.
Preferably, the device further comprises:
a dynamic configuration module: configured to, after the system version is updated, upload the current system version information, device model and environment information over the network and request the server to issue the privacy rule protection file supported by the corresponding system version; the privacy rule protection file includes the service class name for the current system version, the name of the service method to intercept, and the data type to be intercepted;
a floating window type modification module: configured to add a LayoutParams type check in the hijacked Android WindowManagerService, and if the type is a system floating window type, to change it to an in-application floating window.
In a third aspect, the present application further provides an electronic device, including:
one or more processors;
storage means for storing one or more programs;
the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method described in the first aspect.
In a fourth aspect, the present application also proposes a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the method according to the first aspect.
The application provides an Android privacy protection method in which the interception step is selected according to the ROOT state of the device. Through a global privacy compliance service started on the ROOT Android device and privacy protection rules issued by a server on the ROOT Android device, the method monitors the behavior of acquiring privacy information when an application that is not privacy-compliant is started, intercepts that behavior and dynamically forges the privacy information, achieving the technical effect that the application can still run normally without obtaining the real privacy information.
Drawings
The accompanying drawings are included to provide a further understanding of the embodiments and are incorporated in and constitute a part of this specification. The drawings illustrate embodiments and together with the description serve to explain the principles of the application. Other embodiments and many of the intended advantages of embodiments will be readily appreciated as they become better understood by reference to the following detailed description. The elements of the drawings are not necessarily to scale relative to each other. Like reference numerals designate corresponding similar parts.
Fig. 1 is a flowchart of an Android privacy protection method according to the present application.
Fig. 2 is a schematic diagram of a specific embodiment of an Android privacy protection method that can be applied to the present application.
Fig. 3 is a schematic block diagram of an Android privacy protection device according to an embodiment of the present application.
Fig. 4 is a schematic block diagram of a computer system suitable for implementing the electronic device of the embodiments of the present application.
Detailed Description
The present application will be described in further detail with reference to the following drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the relevant invention and not restrictive of the invention. It should be noted that, for convenience of description, only the portions related to the related invention are shown in the drawings.
It should be noted that the embodiments and features of the embodiments in the present application may be combined with each other without conflict. The present application will be described in detail below with reference to the embodiments with reference to the attached drawings.
Fig. 1 shows a flowchart of an Android privacy protection method of the present application, and fig. 2 shows a schematic diagram of a specific embodiment of an Android privacy protection method that can be applied to the present application. With reference to fig. 1 and fig. 2, the method specifically includes the following steps:
ROOT determination step 101: determining the ROOT state of the device when an application requests a permission; if the device is in the ROOT state, executing a first interception step, otherwise executing a second interception step.
A first interception step 102: root permission is used to modify LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService in the server.
In a specific embodiment, by installing a privacy compliance application service on a ROOT Android device, the privacy compliance behavior of all applications, including system applications, can be monitored on the device with the highest permission, thereby achieving global dynamic interception of privacy acquisition requests and dynamic forgery of privacy information. Using ROOT permission, the Service part file of the system Service is modified: in LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService, and in other services the application may need to call, the source package name is added at the interface layer and used to decide whether to return blank information or to refuse the call and throw an exception.
A second interception step 103: matching the package name of the current application and the requested permission against the privacy protection rules issued by the server; if a rule matches, intercepting or forging the requested permission according to the matched rule, otherwise releasing the requested permission.
Intercepting or forging the requested permission according to the matched rule specifically comprises: if the requested permission is a network request and the application is running in the background, intercepting the application's network request; if the requested permission is a location information request, intercepting or forging it through a proxy LocationService; if the requested permission is an app information request, intercepting or forging it through a proxy PackageManagerService; if the requested permission is a wifi information request, intercepting or forging it through a proxy WiFiService; if the requested permission is a DeviceIdentity request, intercepting or forging it through a proxy TelephonyService; and if the requested permission is a camera request, intercepting it through a proxy Camera service.
In a specific embodiment, on a non-ROOT Android device, third-party applications that may not be privacy-compliant can be installed in a sandbox that supports dynamic interception of privacy acquisition requests and dynamic forgery of privacy information; this takes effect only for applications inside the sandbox. The sandbox contains a large number of service proxies whose interfaces are consistent with the system's service interfaces. Source detection is added in the sandbox's ActivityManager proxy, LocationService proxy, TelephonyService proxy and so on, so that blank information or forged response data can be returned directly, and the response is produced without calling the actual system service. Using Android service interception, the relevant Android services, such as LocationManagerService, PackageManagerService, WiFiService, camera and DeviceIdentity, are intercepted and their response results forged, for example by replacing the current location information with Tokyo, Beijing, thereby protecting privacy information.
In a specific embodiment, if an application in the sandbox requests location information, the sandbox has already reported its model information, environment information and system version information to the server, and the server has issued to the sandbox the list of privacy protection rules corresponding to that information. The sandbox matches the downloaded rules against the application's package name and the requested permission. If a rule matches, that rule is applied: the service is intercepted by the method given in the rule, or, as the rule specifies, the corresponding permission request is rejected or forged data is returned.
Specific example rules are as follows:
package: com.xxx.xxx
requestedPermission: android.permission.ACCESS_COARSE_LOCATION
service: LocationService
service_proxy_option: (optional) proxy option for the service, indicating how the service is to be proxied
block: whether to deny the permission request
fake: whether to forge data
fakeData: the forged data
for (Rule rule : ruleList) {
    // A rule applies only when both the package name and the requested permission match.
    if (rule.packageName.equals(app.packageName)
            && rule.requestedPermission.equals(app.requestedPermission)) {
        if (rule.block) {
            // Deny the permission request outright.
            return PERMISSION_DENIED;
        }
        if (rule.fake) {
            // Answer through the proxied service with the forged data.
            proxyService(rule.service, rule.service_proxy_option, rule.fakeData);
        }
    }
}
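The rule matching above, carried through to a sandbox-side proxy that answers without reaching the real service, as an added C++ example (not code from the patent). Rule, Decision, Reply, LocationProxy, the package names and the coordinates are hypothetical and constructed for illustration.

```cpp
// Added illustration of the second interception step. Type and function
// names are hypothetical; the sample rules are constructed for this example.
#include <functional>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

struct Rule {                        // fields follow the rule listing above
    std::string package;
    std::string requestedPermission;
    std::string service;
    bool block;                      // deny the permission request
    bool fake;                       // answer with forged data
    std::string fakeData;
};

enum class Action { Release, Deny, Forge };

struct Decision {
    Action action;
    std::string payload;             // forged data when action == Forge
};

// Mirrors the page's loop: a rule applies only when package and permission
// both match; block is checked before fake; no applicable rule releases.
Decision evaluate(const std::vector<Rule>& rules, const std::string& package,
                  const std::string& permission) {
    for (const Rule& r : rules) {
        if (r.package != package || r.requestedPermission != permission) continue;
        if (r.block) return Decision{Action::Deny, ""};
        if (r.fake) return Decision{Action::Forge, r.fakeData};
    }
    return Decision{Action::Release, ""};
}

struct Reply {
    bool granted;                    // false when the request was denied
    std::string data;                // real or forged location
};

// Sandbox-side stand-in for the location service. The real service is
// reached only when the decision is Release.
class LocationProxy {
public:
    LocationProxy(std::vector<Rule> rules, std::function<std::string()> real)
        : rules_(std::move(rules)), real_(std::move(real)) {}

    Reply getLastLocation(const std::string& callerPackage,
                          const std::string& permission) const {
        const Decision d = evaluate(rules_, callerPackage, permission);
        if (d.action == Action::Deny) return Reply{false, ""};
        if (d.action == Action::Forge) return Reply{true, d.payload};
        return Reply{true, real_()};
    }

private:
    std::vector<Rule> rules_;
    std::function<std::string()> real_;
};

const char* const kCoarse = "android.permission.ACCESS_COARSE_LOCATION";

// Constructed sample rules (package names are placeholders).
std::vector<Rule> sample_rules() {
    return {
        Rule{"com.example.sideloaded", kCoarse, "LocationService", false, true, "35.68,139.69"},
        Rule{"com.example.blocked", kCoarse, "LocationService", true, false, ""},
    };
}

int main() {
    LocationProxy proxy(sample_rules(), []() { return std::string("real-fix"); });
    const std::vector<std::string> callers = {
        "com.example.sideloaded", "com.example.blocked", "com.example.other"};
    for (const std::string& pkg : callers) {
        const Reply r = proxy.getLastLocation(pkg, kCoarse);
        std::cout << pkg << " -> " << (r.granted ? r.data : "PERMISSION_DENIED") << "\n";
    }
    return 0;
}
```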
In a specific embodiment, when the application runs in the background, its background-running permissions are restricted and its networking behavior is blocked, so that it cannot unexpectedly upload user information such as the IP address, running tasks and files. Hooks for network functions such as send, recv, socket, connect and bind are added in C++ code using the Slimhook Native library, which implements network request interception and allows the application's networking behavior to be monitored in real time. When the application calls the connect or bind function, it is determined whether the application is currently in the background; if so, a call failure is returned, which prevents user traffic from being stolen. In other embodiments, the application's networking behavior may also be blocked when it is not running in the background. For example, when an advertisement display is recognized in the application, the specific network connection can be blocked; recognition may be based on a characteristic URL of the advertisement connection, which prevents vendors from using advertisements to collect excessive information. Alternatively, the network can be blocked when some game applications are started so as to bypass various virus detection false alarms in the cloud.
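The background check on connect and bind described above, as an added C++ example (not the patent's code and not the Slimhook API): the replacement functions fail IP connections while a background flag is set and otherwise forward to the saved originals. The errno values, the exemption for non-IP socket families and all names are assumptions.

```cpp
// Added illustration, not the patent's code. These are the replacement
// functions a native hooking library would redirect connect() and bind() to;
// installing the hook is library-specific and omitted. Names are hypothetical.
#include <atomic>
#include <cerrno>
#include <iostream>
#include <netinet/in.h>
#include <sys/socket.h>
#include <sys/types.h>

using sock_fn = int (*)(int, const sockaddr*, socklen_t);

// Pointers to the original functions; a hooking library would fill these in.
static sock_fn g_orig_connect = ::connect;
static sock_fn g_orig_bind = ::bind;

// Set from the app lifecycle on foreground/background transitions.
static std::atomic<bool> g_in_background(false);
void set_background(bool bg) { g_in_background.store(bg); }

// Assumption beyond the page: only IP sockets are refused, because AF_UNIX
// and similar families are local IPC and never leave the device.
static bool leaves_device(const sockaddr* addr) {
    return addr != nullptr &&
           (addr->sa_family == AF_INET || addr->sa_family == AF_INET6);
}

int hooked_connect(int fd, const sockaddr* addr, socklen_t len) {
    if (g_in_background.load() && leaves_device(addr)) {
        errno = ENETUNREACH;         // chosen errno is an assumption
        return -1;                   // the "call failure" the page describes
    }
    return g_orig_connect(fd, addr, len);
}

int hooked_bind(int fd, const sockaddr* addr, socklen_t len) {
    if (g_in_background.load() && leaves_device(addr)) {
        errno = EACCES;              // chosen errno is an assumption
        return -1;
    }
    return g_orig_bind(fd, addr, len);
}

// Test double standing in for the original libc functions, so the example
// runs offline without opening sockets.
static int g_stub_calls = 0;
int stub_original(int, const sockaddr*, socklen_t) {
    ++g_stub_calls;
    return 0;
}
void use_stub_originals() {
    g_orig_connect = stub_original;
    g_orig_bind = stub_original;
    g_stub_calls = 0;
}

int main() {
    use_stub_originals();
    sockaddr_in remote = sockaddr_in();          // constructed sample address
    remote.sin_family = AF_INET;
    const sockaddr* sa = reinterpret_cast<const sockaddr*>(&remote);

    set_background(true);
    int rc = hooked_connect(-1, sa, sizeof(remote));
    int err = errno;
    std::cout << "background connect -> " << rc << " errno=" << err << "\n";

    set_background(false);
    rc = hooked_connect(-1, sa, sizeof(remote));
    std::cout << "foreground connect -> " << rc
              << " (original called " << g_stub_calls << " time(s))\n";
    return 0;
}
```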
In a further embodiment, the Android privacy protection method further includes:
dynamic configuration step 104: after the system version is updated, uploading the current system version information, device model and environment information over the network, and requesting the server to issue the privacy rule protection file supported by the corresponding system version.
In a specific embodiment, the privacy protection rules are issued by the server, so that privacy can still be protected after a system update, and failure or unexpected consequences of the privacy protection scheme after the update are avoided. Through json or other configuration files, after the system version is updated, the current system version information, model information and environment information are uploaded over the network and the configuration file supported by the corresponding system version is downloaded. The configuration file content includes the service class (Class) name for the current system version, the name of the service method (Method) to intercept, and the type of data to be intercepted (Location, StorageVolume, int, boolean and other types).
In a further embodiment, the Android privacy protection method further includes:
floating window type modification step 105: adding a LayoutParams type check in the hijacked Android WindowManagerService, and if the type is a system floating window type, changing it to an in-application floating window.
In a specific embodiment, a LayoutParams type check is added in the hijacked Android WindowManagerService; if the type is a system floating window type, it is changed to an in-application floating window. Even if the application asks to create a global system floating window, what it gets is actually a visible interface inside the application, and the floating window can no longer be displayed once the application is in the background. The application believes that it has obtained the device manager and the permission to display a floating window on top of other applications, and believes that it can still display the floating window while in the background; this effectively prevents lock-screen virus trojans from covering the interface while the application is in the background.
The Android privacy protection method has the following technical effects and application prospects:
At present, some enterprises need to carry out privacy compliance checks on the applications installed on the mobile phones of internal personnel. Internal personnel often leak confidential data, workplaces, photos of the environment, environmental information and the like about their current work; with this Android privacy protection method, applications that are not privacy-compliant can be forced into privacy compliance, so that leakage of enterprise data is prevented.
When fraud software is installed on a personal mobile phone, it may demand permission to access the personal address book and cannot run unless that permission is granted; granting the relevant permission can lead to privacy disclosure, while the software cannot run if the relevant permission is not granted.
After an application requests the storage permission, it can scan, traverse and view the photo album or the enterprise's confidential data. Applying this privacy protection scheme prevents the application from scanning and uploading the user's photos and files after it acquires the storage permission, protecting the data security of the user and of the enterprise.
After the location, address book and SMS information are forged, the enterprise's personnel information will not flow out because internal personnel use software that is not privacy-compliant; confidential data and information are prevented from being leaked without the knowledge of the enterprise and its personnel, and loss of talent is prevented.
Much of the third-party software that individuals download from the network may be trojan or virus software, which can cause phone data to be encrypted, the screen to be locked and privacy to be monitored in real time. Using this privacy protection scheme can prevent files from being encrypted without the user's knowledge, prevent the screen from being locked by lock-screen viruses, and prevent trojan software from obtaining privacy information.
With further reference to fig. 3, as an implementation of the method described above, the present application provides an embodiment of an Android privacy protection device. This device embodiment corresponds to the method embodiment shown in fig. 1, and the device may be applied to various electronic devices.
Referring to fig. 3, an Android privacy protection device comprises:
the ROOT determination module 201: configured to determine the ROOT state of the device when an application requests a permission;
the first interception module 202: configured to use root permission to modify LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService in the jar file so as to intercept the application's permission request;
the second interception module 203: configured to match the package name of the current application and the requested permission against the privacy protection rules issued by the server, to intercept or forge the requested permission according to the matched rule if a rule matches, and otherwise to release the requested permission;
wherein intercepting or forging the requested permission according to the matched rule specifically comprises: if the requested permission is a network request and the application is running in the background, intercepting the application's network request; if the requested permission is a location information request, intercepting or forging it through a proxy LocationService; if the requested permission is an app information request, intercepting or forging it through a proxy PackageManagerService; if the requested permission is a wifi information request, intercepting or forging it through a proxy WiFiService; if the requested permission is a DeviceIdentity request, intercepting or forging it through a proxy TelephonyService; and if the requested permission is a camera request, intercepting it through a proxy Camera service.
In a further embodiment, the device further comprises:
the dynamic configuration module 204: configured to, after the system version is updated, upload the current system version information, device model and environment information over the network and request the server to issue the privacy rule protection file supported by the corresponding system version; the privacy rule protection file includes the service class name for the current system version, the name of the service method to intercept, and the data type to be intercepted;
the floating window type modification module 205: configured to add a LayoutParams type check in the hijacked Android WindowManagerService, and if the type is a system floating window type, to change it to an in-application floating window.
Referring now to FIG. 4, shown is a block diagram of a computer system 200 suitable for use in implementing the electronic device of an embodiment of the present application. The electronic device shown in fig. 4 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present application.
As shown in fig. 4, the computer system 300 includes a Central Processing Unit (CPU) 301 that can perform various appropriate actions and processes in accordance with a program stored in a Read Only Memory (ROM) 302 or a program loaded from a storage section 308 into a Random Access Memory (RAM) 303. In the RAM 303, various programs and data necessary for the operation of the system 300 are also stored. The CPU 301, ROM 302, and RAM 303 are connected to each other via a bus 304. An input/output (I/O) interface 305 is also connected to bus 304.
The following components are connected to the I/O interface 305: an input portion 306 including a keyboard, a mouse, and the like; an output portion 307 including a display such as a Liquid Crystal Display (LCD) and a speaker; a storage section 308 including a hard disk and the like; and a communication section 309 including a network interface card such as a LAN card, a modem, or the like. The communication section 309 performs communication processing via a network such as the Internet. The drive 230 is also connected to the I/O interface 305 as necessary. A removable medium 311 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 230 as necessary, so that a computer program read out therefrom is installed into the storage section 308 as necessary.
In particular, according to an embodiment of the present disclosure, the processes described above with reference to the flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method illustrated in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network through the communication section 309, and/or installed from the removable medium 311. The computer program performs the above-described functions defined in the method of the present application when executed by the Central Processing Unit (CPU) 301.
As another aspect, the present application also provides a computer-readable storage medium, which may be included in the electronic device described in the above embodiments; or may exist separately without being assembled into the electronic device. The computer readable storage medium carries one or more programs which, when executed by the electronic device, cause the electronic device to perform the method shown in fig. 1.
It should be noted that the computer readable medium described herein can be a computer readable signal medium or a computer readable storage medium or any combination of the two. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples of the computer readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the present application, a computer readable storage medium may be any tangible medium that can contain or store a program for use by or in connection with an instruction execution system, apparatus, or device. In this application, however, a computer readable signal medium may include a propagated data signal with computer readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take many forms, including, but not limited to, electromagnetic, optical, or any suitable combination thereof. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable storage medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
Computer program code for carrying out operations for aspects of the present application may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the case of a remote computer, the remote computer may be connected to the user's computer through any type of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet service provider).
The flowchart and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
While the present invention has been described with reference to the preferred embodiments, it will be understood by those skilled in the art that various changes and modifications may be made without departing from the spirit and scope of the invention as defined by the appended claims. Therefore, the protection scope of the present application shall be subject to the protection scope of the claims.
In the description of the present application, it is to be understood that the terms "upper", "lower", "inner", "outer", and the like indicate orientations or positional relationships based on those shown in the drawings. They are used only for convenience in describing the present application and simplifying the description, and do not indicate or imply that the referred devices or elements must have a specific orientation or be constructed and operated in a specific orientation; thus, they should not be construed as limiting the present application. The word 'comprising' does not exclude the presence of elements or steps not listed in a claim. The word 'a' or 'an' preceding an element does not exclude the presence of a plurality of such elements. The mere fact that certain measures are recited in mutually different dependent claims does not indicate that a combination of these measures cannot be used to advantage. Any reference signs in the claims shall not be construed as limiting the scope.

Claims (10)

1. An Android privacy protection method, characterized in that the method comprises the following steps:
ROOT judging step: judging the ROOT state of the device when the application requests a permission; if the device is in the ROOT state, executing a first interception step, and if not, executing a second interception step;
a first interception step: modifying LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService in the server file by using root permission to intercept the permission request of the application;
a second interception step: matching the package name of the current application and the requested permission against a privacy protection rule issued by a server; if the matching is successful, intercepting or forging the requested permission according to the matched rule, otherwise releasing the requested permission;
wherein intercepting or forging the requested permission according to the matched rule specifically comprises the following steps: if the requested permission is a network request and the application is in a background running state, intercepting the network request of the application; if the requested permission is a location information request, intercepting or forging the request through a proxy LocationService; if the requested permission is an app information request, intercepting or forging the request through a proxy PackageManagerService; if the requested permission is a wifi information request, intercepting or forging the request through a proxy WiFiService; if the requested permission is a Devicedlndentity request, intercepting or forging the request through a proxy TelephonyService; and if the requested permission is a camera request, intercepting the request through a proxy CameraService.
2. The Android privacy protection method of claim 1, wherein the method further comprises a dynamic configuration step: after the system version is updated, uploading the current system version information, the machine type and the environment information over the network, and requesting the server to issue a privacy rule protection file supported by the corresponding system version.
3. The Android privacy protection method of claim 2, wherein: the privacy rule protection file comprises the service class names of the current system version, the names of the service methods to be intercepted, and the data types that need to be intercepted.
4. The Android privacy protection method of claim 1, wherein: if the device is not in a ROOT state, the application is installed in a sandbox, and the second interception step is performed using the sandbox.
5. The Android privacy protection method of claim 1, wherein the method further comprises a floating window type modification step: adding a LayoutParam type check in the hijacking of the Android WindowManagerService, and if the type is the system floating window type, changing it into an in-application floating window.
6. The Android privacy protection method of claim 1, wherein: if the requested permission is a network request and the application is in a background running state, intercepting the network request of the application specifically comprises: adding hooks for the send, recv, socket, connect or bind network functions in the C++ code by using a Slimhook Native library, judging whether the current application is in a background state when the application calls the connect and bind functions, and if so, returning a call failure.
7. An Android privacy protection device, characterized in that the device comprises:
a ROOT judgment module: configured to determine the ROOT state of the device when the application requests a permission;
a first interception module: configured to modify LocationService, ActivityManagerService, ActivityTaskManagerService and PhoneSubInfoService in the jar file by using root permission to intercept the permission request of the application;
a second interception module: configured to match the package name of the current application and the requested permission against the privacy protection rule issued by the server, to intercept or forge the requested permission according to the matched rule if the matching is successful, and otherwise to release the requested permission;
wherein intercepting or forging the requested permission according to the matched rule specifically comprises the following steps: if the requested permission is a network request and the application is in a background running state, intercepting the network request of the application; if the requested permission is a location information request, intercepting or forging the request through a proxy LocationService; if the requested permission is an app information request, intercepting or forging the request through a proxy PackageManagerService; if the requested permission is a wifi information request, intercepting or forging the request through a proxy WiFiService; if the requested permission is a Devicedlndentity request, intercepting or forging the request through a proxy TelephonyService; and if the requested permission is a camera request, intercepting the request through a proxy CameraService.
8. The Android privacy protection method of claim 1, wherein the device further comprises:
a dynamic configuration module: configured to, after the system version is updated, upload the current system version information, the machine type and the environment information over the network, and request the server to issue a privacy rule protection file supported by the corresponding system version; the privacy rule protection file comprises the service class names of the current system version, the names of the service methods to be intercepted, and the data types that need to be intercepted;
a floating window type modification module: configured to add a LayoutParam type check in the hijacking of the Android WindowManagerService, and if the type is the system floating window type, to change it into an in-application floating window.
9. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs;
wherein the one or more programs, when executed by the one or more processors, cause the one or more processors to implement the method of any one of claims 1-6.
10. A computer-readable storage medium, on which a computer program is stored which, when being executed by a processor, carries out the method according to any one of claims 1-6.
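The decision flow of the second interception step (claim 1) and the background network check (claim 6) can be sketched as follows. This is an added illustration, not code from the patent or its applicant: the types, function names, the sample package name and the -1/EACCES failure value are assumptions, and only the proxy service names are taken from the claims.

```cpp
#include <cerrno>
#include <string>
#include <vector>

// Hypothetical types for illustration; only the proxy service names come from the claims.
enum class Perm { Network, Location, AppInfo, Wifi, DeviceIdentity, Camera };
enum class Action { Release, Intercept, Forge };
struct Rule { std::string package; Perm perm; Action action; };
struct Decision { Action action; std::string proxy; };

// Proxy that claim 1 names for each request type. Network requests have no
// Java proxy: claim 6 blocks them in native socket hooks instead.
static std::string proxyFor(Perm p) {
    switch (p) {
        case Perm::Location:       return "LocationService";
        case Perm::AppInfo:        return "PackageManagerService";
        case Perm::Wifi:           return "WiFiService";
        case Perm::DeviceIdentity: return "TelephonyService";
        case Perm::Camera:         return "CameraService";
        default:                   return "native socket hook";
    }
}

// Second interception step: match (package, permission) against the rules
// issued by the server; release the request when nothing matches.
Decision decide(const std::vector<Rule>& rules, const std::string& pkg,
                Perm perm, bool inBackground) {
    for (const Rule& r : rules) {
        if (r.package != pkg || r.perm != perm) continue;
        if (r.action == Action::Release) break;
        // Network requests are intercepted only while the app is backgrounded.
        if (perm == Perm::Network && !inBackground) break;
        // The claims list interception only (no forging) for network and camera.
        bool interceptOnly = perm == Perm::Network || perm == Perm::Camera;
        return {interceptOnly ? Action::Intercept : r.action, proxyFor(perm)};
    }
    return {Action::Release, ""};
}

// Body of a connect/bind hook per claim 6: fail the call for a backgrounded
// app, otherwise forward to the original. The -1/EACCES pair is an assumption;
// the claim only says the call returns failure.
using SockFn = int (*)(int fd, const void* addr, unsigned len);
int guardedSockCall(bool inBackground, SockFn original,
                    int fd, const void* addr, unsigned len) {
    if (inBackground) { errno = EACCES; return -1; }
    return original(fd, addr, len);
}

int main() {
    std::vector<Rule> rules = {{"com.example.app", Perm::Location, Action::Forge}};  // constructed rule
    Decision d = decide(rules, "com.example.app", Perm::Location, false);
    return d.action == Action::Forge ? 0 : 1;
}
```

Because an unmatched request is released, coverage depends entirely on the rule file the server issues for the running system version.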
CN202211136927.9A 2022-09-19 2022-09-19 Android privacy protection method and device and storage medium Pending CN115525875A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211136927.9A CN115525875A (en) 2022-09-19 2022-09-19 Android privacy protection method and device and storage medium

Publications (1)

Publication Number Publication Date
CN115525875A true CN115525875A (en) 2022-12-27

Family

ID=84697653

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination