CN115861456A - Application processing method and device, storage medium and electronic equipment - Google Patents

Application processing method and device, storage medium and electronic equipment Download PDF

Info

Publication number
CN115861456A
CN115861456A CN202211515578.1A CN202211515578A CN115861456A CN 115861456 A CN115861456 A CN 115861456A CN 202211515578 A CN202211515578 A CN 202211515578A CN 115861456 A CN115861456 A CN 115861456A
Authority
CN
China
Prior art keywords
application
detected
image
data
determining
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211515578.1A
Other languages
Chinese (zh)
Inventor
王俊
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
China Telecom Corp Ltd
Original Assignee
China Telecom Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by China Telecom Corp Ltd filed Critical China Telecom Corp Ltd
Priority to CN202211515578.1A priority Critical patent/CN115861456A/en
Publication of CN115861456A publication Critical patent/CN115861456A/en
Pending legal-status Critical Current

Links

Images

Landscapes

  • Stored Programmes (AREA)

Abstract

The disclosure provides an application program processing method and device, electronic equipment and a storage medium, and relates to the technical field of computers. The method comprises the following steps: acquiring an android Application Package (APK) file of an application to be detected; determining static extraction data of image information in the application to be detected according to the APK file; the method comprises the steps that an APK file is operated in a sandbox environment, and image resource data generated in the operation of an application to be detected are obtained; and determining an image data set related to the application to be detected according to the static extraction data and the image resource data. The method can determine the image data set related to the application to be detected by combining a static mode and a dynamic mode, so that the extraction of the image data related to the application to be detected is more comprehensive and more accurate.

Description

Application processing method and device, storage medium and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an application processing method and apparatus, a storage medium, and an electronic device.
Background
With the development of computer technology and the wide popularization of mobile terminals, more and more mobile applications that can be installed on mobile terminals are developed for people to use, such as more and more mobile applications based on the Android (Android) system. Risk factors may exist in various resources involved in the mobile application, so that the resource data involved in the mobile application needs to be determined first, and then further monitoring or detection of the risk factors can be performed.
In the related art, the resource data of the mobile application is usually determined based on the APK file of the mobile application, and the resource data determination mode is often not accurate enough and not comprehensive enough.
It is to be noted that the information disclosed in the above background section is only for enhancement of understanding of the background of the present disclosure, and thus may include information that does not constitute prior art known to those of ordinary skill in the art.
Disclosure of Invention
The present disclosure aims to provide an application processing method, an application processing apparatus, an electronic device, and a storage medium, which can enable extraction of image data related to an application to be detected to be more comprehensive and accurate.
Additional features and advantages of the disclosure will be set forth in the detailed description which follows, or in part will be obvious from the description, or may be learned by practice of the disclosure.
According to an aspect of the present disclosure, there is provided an application processing method including: acquiring an android Application Package (APK) file of an application to be detected; determining static extraction data of image information in the application to be detected according to the APK file; the method comprises the steps that an APK file is operated in a sandbox environment, and image resource data generated in the operation of an application to be detected are obtained; and determining an image data set related to the application to be detected according to the static extraction data and the image resource data.
In one embodiment of the present disclosure, determining static extraction data of image information in an application to be detected according to an APK file includes: decompiling the APK file to obtain a target file of the application to be detected; extracting image information of the target file to obtain static extraction data of the image information in the application to be detected; wherein the object file comprises at least one of: resource res files, asset assets files, and picture captures files.
In an embodiment of the present disclosure, acquiring image resource data generated by an application to be detected in a running process includes: intercepting resource data generated by an application to be detected in the running process; processing the resource data through the trained classifier to obtain a classification result of the resource data; and if the classification result indicates that the resource data is of the image type, determining the resource data as the image resource data generated by the application to be detected in the running process.
In one embodiment of the present disclosure, the application processing method further includes: and if the classification result indicates that the resource data is of a non-image type, deleting the resource data.
In one embodiment of the present disclosure, after determining the image data set related to the application to be detected, the application processing method further includes: obtaining a hash value of the APK file; and storing the hash value and the image data set in the detection database in an associated mode.
In an embodiment of the present disclosure, before determining the static extracted data of the image information in the application to be detected according to the APK file, the application processing method further includes determining that the application to be detected is not detected as follows: calculating a hash value of the APK file; calling a detection database, and judging whether the hash value exists in the detection database; and if the hash value does not exist in the detection database, determining that the application to be detected is not detected.
In one embodiment of the present disclosure, the application processing method further includes: if the hash value exists in the detection database, acquiring a target image data set corresponding to the hash value from the detection database; and taking the target image data set as an image data set related to the application to be detected.
According to another aspect of the present disclosure, there is provided an application processing apparatus including:
the acquisition module is used for acquiring an android Application Package (APK) file of the application to be detected; the static data determining module is used for determining static extraction data of the image information in the application to be detected according to the APK file; the dynamic data determining module is used for operating the APK file in a sandbox environment and acquiring image resource data generated by the application to be detected in the operation; and the image data determining module is used for determining an image data set related to the application to be detected according to the static extraction data and the image resource data.
According to yet another aspect of the present disclosure, there is provided a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the application processing method described above.
According to still another aspect of the present disclosure, there is provided an electronic device including: a processor; and a memory for storing executable instructions of the processor; wherein the processor is configured to perform the application processing method described above via execution of the executable instructions.
The application program processing method provided by the embodiment of the disclosure can determine the image data set related to the application to be detected by combining a static mode and a dynamic mode, so that the extraction of the image data related to the application to be detected is more comprehensive and more accurate.
It is to be understood that both the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the disclosure.
Drawings
The accompanying drawings, which are incorporated in and constitute a part of this specification, illustrate embodiments consistent with the present disclosure and together with the description, serve to explain the principles of the disclosure. It is to be understood that the drawings in the following description are merely exemplary of the disclosure, and that other drawings may be derived from those drawings by one of ordinary skill in the art without the exercise of inventive faculty.
FIG. 1 shows a schematic diagram of an exemplary system architecture to which an application processing method of an embodiment of the present disclosure may be applied;
FIG. 2 illustrates a flow diagram of an application processing method of one embodiment of the present disclosure;
FIG. 3 is a flow chart illustrating a method for determining static extraction data of image information according to an embodiment of the present disclosure;
FIG. 4 is a flowchart illustrating an application processing method according to an embodiment of the present disclosure, in which image resource data generated by an application to be detected in operation is determined;
FIG. 5 shows a block diagram of an application processing device of one embodiment of the present disclosure; and
fig. 6 shows a block diagram of an application processing computer device in an embodiment of the present disclosure.
Detailed Description
Example embodiments will now be described more fully with reference to the accompanying drawings. Example embodiments may, however, be embodied in many different forms and should not be construed as limited to the examples set forth herein; rather, these embodiments are provided so that this disclosure will be thorough and complete, and will fully convey the concept of example embodiments to those skilled in the art. The described features, structures, or characteristics may be combined in any suitable manner in one or more embodiments.
Furthermore, the drawings are merely schematic illustrations of the present disclosure and are not necessarily drawn to scale. The same reference numerals in the drawings denote the same or similar parts, and thus their repetitive description will be omitted. Some of the block diagrams shown in the figures are functional entities and do not necessarily correspond to physically or logically separate entities. These functional entities may be implemented in the form of software, or in one or more hardware modules or integrated circuits, or in different networks and/or processor devices and/or microcontroller devices.
Furthermore, the terms "first", "second" and "first" are used for descriptive purposes only and are not to be construed as indicating or implying relative importance or to implicitly indicate the number of technical features indicated. Thus, a feature defined as "first" or "second" may explicitly or implicitly include one or more of that feature. In the description of the present disclosure, "a plurality" means at least two, e.g., two, three, etc., unless explicitly specifically limited otherwise.
Fig. 1 shows a schematic diagram of an exemplary system architecture to which the application processing method of the embodiments of the present disclosure can be applied.
As shown in fig. 1, the system architecture may include a server 101, a network 102, and a client 103. Network 102 serves as a medium for providing communication links between clients 103 and server 101. Network 102 may include various connection types, such as wired, wireless communication links, or fiber optic cables, to name a few.
In an exemplary embodiment, the client 103 performing data transmission with the server 101 may include, but is not limited to, a smart phone, a desktop computer, a tablet computer, a notebook computer, a smart speaker, a digital assistant, an AR (Augmented Reality) device, a VR (Virtual Reality) device, a smart wearable device, and other types of electronic devices. Optionally, the operating system running on the electronic device may include, but is not limited to, an android system, an IOS system, a linux system, a windows system, and the like.
The server 101 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as a cloud service, a cloud database, cloud computing, a cloud function, cloud storage, a web service, cloud communication, a middleware service, a domain name service, a security service, a CDN (Content Delivery Network), a big data and artificial intelligence platform. In some practical applications, the server 101 may also be a server of a network platform, and the network platform may be, for example, a transaction platform, a live broadcast platform, a social platform, or a music platform, which is not limited in this disclosure. The server may be one server or a cluster formed by a plurality of servers, and the specific architecture of the server is not limited in the present disclosure.
In an exemplary embodiment, the method provided by the present disclosure may be executed by the server 101, the client 103, or both the server 101 and the client 103. For example, a user may first transmit an APK (Android application package) file of an application to be detected to the local client 103, then the local client 103 executes the application processing method provided by the present disclosure, and finally obtains an image data set related to the application to be detected on the local client 103. The user can also send the APK of the application to be detected to the remote server 101 through the client 103, then the server 101 executes the application processing method provided by the present disclosure, and finally an image data set related to the application to be detected is obtained on the server 101, and the server 101 can also store the image data set to the cloud server, and can also send the image data set back to the client 103 for subsequent analysis or processing of the application to be detected.
In an exemplary embodiment, the process used by the client 103 to implement the application processing method may be: the method comprises the steps that a client 103 obtains an android Application Package (APK) file of an application to be detected; the client 103 determines static extraction data of the image information in the application to be detected according to the APK file; the client 103 operates the APK file in a sandbox environment to acquire image resource data generated by the to-be-detected application in operation; the client 103 determines an image data set related to the application to be detected according to the static extraction data and the image resource data.
In addition, it should be noted that fig. 1 shows only one application environment of the application processing method provided by the present disclosure. The number of clients, networks and servers in fig. 1 is merely illustrative, and there may be any number of clients, networks and servers, as desired.
In order to make the technical solutions of the present disclosure better understood by those of ordinary skill in the art, the steps of the application processing method in the exemplary embodiment of the present disclosure will be described in more detail with reference to the drawings and the embodiment.
Fig. 2 shows a flowchart of an application processing method according to an embodiment of the present disclosure. The method provided by the embodiment of the present disclosure may be executed by the server 101 or the client 103 as shown in fig. 1, but the present disclosure is not limited thereto.
In the following description, the client 103 is exemplified as an execution subject.
As shown in fig. 2, the application processing method provided by the embodiment of the present disclosure may include the following steps:
step S201, obtaining an android Application Package (APK) file of the application to be detected.
In this step, the application to be detected may be, for example, an android application program.
In some practical applications, the application to be detected may be used to implement some predetermined functions, on one hand, the APK file thereof may include image data pre-stored for implementing the predetermined functions, and on the other hand, after the application to be detected is installed and run, the application to be detected may also generate call information or request information related to the image data, and the pre-stored image data and the call information or request information related to the image data may be regarded as image data related to the application to be detected, which may be determined by the method provided in the present disclosure.
Step S203, determining static extraction data of the image information in the application to be detected according to the APK file.
In this step, the resource data carried in the static APK file may be obtained first, for example, the APK file may be decompiled to obtain the resource data carried therein; then, static extraction data of the image information is determined from the resource data.
Fig. 3 shows a flowchart of determining static extraction data of image information in the application processing method according to an embodiment of the disclosure, and as shown in fig. 3, in some embodiments, step S203 may further include the following steps.
And step S301, decompiling the APK file to obtain a target file of the application to be detected.
In this step, a preset decompilation tool may be called to perform decompilation processing on the APK file, where the decompilation tool may be ApkTool, jadx, or the like.
Step S303, extracting image information of the target file to obtain static extraction data of the image information in the application to be detected; wherein the object file comprises at least one of: resource res files, asset assets files, and picture captures files.
In some practical applications, step S303 may further include: extracting drawable (picture resource) file information and mipmap (small space majority texture mapping) file information in the res file; extracting first file information of an image format in the assets file; extracting second file information of an image format in the captures file; and then determining static extraction data of the image information in the application to be detected according to the drawable file information, the mipmap file information, the first file information and the second file information. The image format may include one or more of JPEG format, TIF format, GIF format, EPS format, BMP bitmap format, PCX format, and the like.
In this step, the various file information may be extracted by traversing the folders, for example, the folders corresponding to the assets files may be traversed, and the data file suffixed with the image format in the folder is determined as the first file information.
Step S205, the APK file is operated in a sandbox environment, and image resource data generated in the operation of the application to be detected is obtained.
In this step, the sandbox environment may be, for example, a true machine sandbox environment based on an android operating system, and may simulate a click operation of a user to run an APK file of an application to be tested in the true machine sandbox environment, and simulate a true operation of the user on various functions in the application to be tested, so that the application to be tested generates a request for various objects (such as a text, an image, audio, and the like), or generates encoded data of objects in various formats, such as an access request for an image resource, image encoded data (such as base64 encoded data), and the like; in this process, resource data related to the image data, i.e., image resource data generated during operation of the application to be detected, can be determined from the request or the encoded data.
Fig. 4 shows a flowchart of determining image resource data generated by an application to be detected in operation in the application processing method according to an embodiment of the present disclosure, and as shown in fig. 4, in some embodiments, the step S205 of "acquiring image resource data generated by an application to be detected in operation" may further include the following steps.
Step S401, intercepting resource data generated by the application to be detected in the running process.
The resource data may be URL (uniform resource locator) data for accessing the resource, base64 (a coding scheme for transmitting 8-Bit byte codes) coded data for representing the content of the resource in transmission, and the like. In this step, the resource data generated by the application to be detected in the running process can be intercepted by using the intercepting function of the sandbox environment.
And step S403, processing the resource data through the trained classifier to obtain a classification result of the resource data.
The trained classifier may be used to perform classification judgment on the data type corresponding to the resource data, for example, may judge whether the resource data corresponds to an image type or a non-image type. In this step, the resource data intercepted in the previous step may be input to a trained classifier, the trained classifier is used to process the resource data, and a classification result of the resource data is output, so as to determine whether the resource data is image resource data according to the classification result.
In some practical applications, the classifier may be constructed and trained based on a machine-learned linear regression algorithm or a linear classification algorithm.
The classifier may include a feature extraction module and a classification model. The following illustrates the process of constructing and training the classifier:
first, a known type of resource data can be used as a training sample, and the type of resource data can be regarded as a sample label of the resource data. The type of the resource data can be an image type and a non-image type, for example, a URL request link for accessing an image resource can be regarded as resource data of the image type, and base64 encoded data obtained by encoding an image can be regarded as resource data of the image type; a URL request link for accessing a text resource may be considered non-image type resource data.
Secondly, a feature extraction module can be used for extracting features of the resource data to obtain data features of the resource data. The feature extraction module may be a machine model based on a natural language processing algorithm, for example, the machine model may be based on an N-Gram (a chinese language model) algorithm, and may perform feature extraction on the resource data by using the N-Gram algorithm to obtain data features of the resource data. Wherein, the N-Gram is an algorithm based on a statistical language model. The basic idea is that the content in the text (such as URL request, base64 coded data) is subjected to sliding window operation with the size of N according to bytes to form a byte fragment sequence with the length of N, wherein each byte fragment can be called as a gram; the occurrence frequency of all the grams is counted, and filtering is performed according to a preset threshold, so that a key gram list, that is, a vector feature space of the text, can be formed, and each gram in the list can be regarded as a feature vector dimension of the text.
Next, an initial classification model, which may be an untrained machine model constructed based on a linear regression algorithm, may be trained using the data features of the resource data and the sample labels of the resource data. Specifically, the data characteristics of the resource data can be processed by using an initial classification model, and data fitting is performed based on the data characteristics of the resource data to obtain a prediction result of the resource type; then, respectively processing the prediction result and the sample label to obtain respective characteristics, and constructing a loss function by using the respective characteristics of the prediction result and the sample label; and then, optimizing and adjusting parameters of linear regression coefficients in the initial classification model by using a selected optimization algorithm so as to minimize the loss value of the loss function, and finally obtaining the trained classification model.
The mean square error (least square method) can be selected as a cost function when constructing the loss function, a regularization method can be selected as an optimization algorithm when determining an optimization algorithm of a linear regression coefficient, and in some practical applications, the regularization function can be:
Figure BDA0003970433790000091
where m may represent the dimension of the prediction result and the features of the sample label, x (i) The value of the i-th dimension, y, in the feature that can represent the prediction result (i) May represent the value of the ith dimension, θ, in the features of the sample label 0 …θ j A linear domain of data characteristics of the resource data may be represented.
And finally, the trained classifier in the embodiment is formed by the trained classification model and the feature extraction module together.
The trained classifier can classify and judge the input data resources to obtain the output result of whether the data resources are of the image type or the non-image type.
Step S405, if the classification result indicates that the resource data is of the image type, determining the resource data as the image resource data generated by the application to be detected in the running process.
In some embodiments, the application processing method further comprises: and if the classification result indicates that the resource data is of a non-image type, deleting the resource data.
By the method shown in fig. 4, the resource data generated by the application to be detected in the operation may be intercepted, and then the trained classifier is used to determine the image resource data generated by the application to be detected in the operation.
And step S207, determining an image data set related to the application to be detected according to the static extraction data and the image resource data.
After extracting the image information in the decompiled APK file and intercepting the image resource data in the running process of the application to be detected, the data related to the image, which are acquired from the static aspect and the dynamic aspect, can be jointly used as the image data set related to the application to be detected.
In some practical applications, risk detection of the image related to the application to be detected may be performed on the application to be detected based on the image data set related to the application to be detected, for example, whether the application to be detected may relate to an image satisfying a specified characteristic may be further monitored.
By the application program processing method, the image data set related to the application to be detected can be determined by combining a static mode and a dynamic mode, so that the extraction of the image data related to the application to be detected is more comprehensive and more accurate.
In some embodiments, after determining the set of image data related to the application to be detected, the application processing method provided by the present disclosure further includes: obtaining a hash value of an APK file; and storing the hash value and the image data set in the detection database in an associated mode.
In some practical applications, an SHA-1 (Secure Hash Algorithm 1, a cryptographic Hash function) Algorithm may be used to process an APK file, to obtain a SHA-1 value of the APK file; specifically, the SHA-1 algorithm may generate a 160-bit (20-byte) hash value, referred to as a message digest, based on the APK file, which may be in the form of 40 hexadecimal numbers.
Through the embodiment, the hash value of the APK file to be detected and the image data set of the application to be detected obtained in the previous step can be stored in a continuous association manner, the hash value of the APK file to be detected can be regarded as an identification manner of the application to be detected, not only can information such as the name of the application to be detected be identified, but also version content in the application to be detected be identified, for example, if the content of the application to be detected is updated but the name is not changed, the calculated hash value is also changed due to the fact that the content of the application to be detected is updated, the application to be detected can be known to be updated through comparison of the hash value, and therefore the process of re-determining the image data set cannot be missed due to the fact that the name is not changed.
In some embodiments, before determining the static extracted data of the image information in the application to be detected according to the APK file, the application processing method provided by the present disclosure further includes determining that the application to be detected is not detected as follows: calculating a hash value of the APK file; calling a detection database, and judging whether the hash value exists in the detection database; and if the hash value does not exist in the detection database, determining that the application to be detected is not detected.
In some embodiments, the application processing method provided by the present disclosure further includes: if the hash value exists in the detection database, acquiring a target image data set corresponding to the hash value from the detection database; and taking the target image data set as an image data set related to the application to be detected.
It can be seen that, as more and more image data sets of the application to be detected are determined, the data amount in the detection database becomes richer and richer, and then the new application to be detected is more likely to be determined as the image data set and exist in the detection database, and is more likely to respond to the determination request of the image data set of the new application to be detected quickly.
It is to be noted that the above-mentioned figures are only schematic illustrations of the processes involved in the method according to an exemplary embodiment of the invention, and are not intended to be limiting. It will be readily understood that the processes shown in the above figures are not intended to indicate or limit the chronological order of the processes. In addition, it is also readily understood that these processes may be performed synchronously or asynchronously, e.g., in multiple modules.
FIG. 5 shows a block diagram of an application processing apparatus 500 of one embodiment of the present disclosure; as shown in fig. 5, includes:
an obtaining module 501, configured to obtain an android application package APK file of an application to be detected; a static data determining module 502, configured to determine static extracted data of image information in an application to be detected according to an APK file; the dynamic data determining module 503 is configured to run the APK file in a sandbox environment, and acquire image resource data generated in the running of the application to be detected; an image data determining module 504, configured to determine an image data set related to the application to be detected according to the static extraction data and the image resource data.
By the application program processing device, the image data set related to the application to be detected can be determined by combining a static mode and a dynamic mode, so that the extraction of the image data related to the application to be detected is more comprehensive and more accurate.
In some embodiments, the static data determining module 502 determines static extracted data of the image information in the application to be detected according to the APK file, including: decompiling the APK file to obtain a target file of the application to be detected; extracting image information of the target file to obtain static extraction data of the image information in the application to be detected; wherein the object file comprises at least one of: resource res files, asset assets files, and picture captures files.
In some embodiments, the obtaining, by the dynamic data determining module 503, image resource data generated by the application to be detected in the running process includes: intercepting resource data generated by an application to be detected in the running process; processing the resource data through the trained classifier to obtain a classification result of the resource data; and if the classification result indicates that the resource data is of the image type, determining the resource data as the image resource data generated by the application to be detected in the running process.
In some embodiments, the dynamic data determination module 503 is further configured to: and if the classification result indicates that the resource data is of a non-image type, deleting the resource data.
In some embodiments, after determining the set of image data relevant to the application to be detected, the image data determination module 504 is further configured to: obtaining a hash value of an APK file; and storing the hash value and the image data set in a detection database in an associated mode.
In some embodiments, before determining the static extracted data of the image information in the application to be detected according to the APK file, the obtaining module 501 is further configured to determine that the application to be detected is not detected as follows: calculating a hash value of the APK file; calling a detection database, and judging whether the hash value exists in the detection database; and if the hash value does not exist in the detection database, determining that the application to be detected is not detected.
In some embodiments, the obtaining module 501 is further configured to: if the hash value exists in the detection database, acquiring a target image data set corresponding to the hash value from the detection database; and taking the target image data set as an image data set related to the application to be detected.
Other contents of the embodiment of fig. 5 can refer to the other embodiments described above, and the disclosure is not repeated herein.
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or program product. Accordingly, various aspects of the present invention may be embodied in the form of: an entirely hardware embodiment, an entirely software embodiment (including firmware, microcode, etc.), or an embodiment combining hardware and software aspects that may all generally be referred to herein as a "circuit," module "or" system.
Fig. 6 shows a block diagram of an application processing computer device in the embodiment of the present disclosure. It should be noted that the illustrated electronic device is only an example, and should not bring any limitation to the functions and the scope of the embodiments of the present invention.
An electronic device 600 according to this embodiment of the invention is described below with reference to fig. 6. The electronic device 600 shown in fig. 6 is only an example, and should not bring any limitation to the functions and the scope of use of the embodiments of the present invention.
As shown in fig. 6, the electronic device 600 is embodied in the form of a general purpose computing device. The components of the electronic device 600 may include, but are not limited to: the at least one processing unit 610, the at least one memory unit 620, and a bus 630 that couples the various system components including the memory unit 620 and the processing unit 610.
Wherein the storage unit stores program code that is executable by the processing unit 610 to cause the processing unit 610 to perform steps according to various exemplary embodiments of the present invention as described in the above section "exemplary methods" of the present specification. For example, the processing unit 610 may perform a method as shown in fig. 2.
The storage unit 620 may include readable media in the form of volatile storage units, such as a random access memory unit (RAM) 6201 and/or a cache storage unit 6202, and may further include a read-only memory unit (ROM) 6203.
The memory unit 620 may also include a program/utility 6204 having a set (at least one) of program modules 6205, such program modules 6205 including, but not limited to: an operating system, one or more application programs, other program modules, and program data, each of which, or some combination thereof, may comprise an implementation of a network environment.
Bus 630 can be any bus representing one or more of several types of bus structures, including a memory unit bus or memory unit controller, a peripheral bus, an accelerated graphics port, a processing unit, or a local bus using any of a variety of bus architectures.
The electronic device 600 may also communicate with one or more external devices 700 (e.g., keyboard, pointing device, bluetooth device, etc.), with one or more devices that enable a user to interact with the electronic device 600, and/or with any devices (e.g., router, modem, etc.) that enable the electronic device 600 to communicate with one or more other computing devices. Such communication may occur via an input/output (I/O) interface 650. Also, the electronic device 600 may communicate with one or more networks (e.g., a Local Area Network (LAN), a Wide Area Network (WAN), and/or a public network such as the Internet) via the network adapter 660. As shown, the network adapter 660 communicates with the other modules of the electronic device 600 over the bus 630. It should be appreciated that although not shown in the figures, other hardware and/or software modules may be used in conjunction with the electronic device 600, including but not limited to: microcode, device drivers, redundant processing units, external disk drive arrays, RAID systems, tape drives, and data backup storage systems, among others.
In an exemplary embodiment of the present disclosure, there is also provided a computer-readable storage medium having stored thereon a program product capable of implementing the above-described method of the present specification. In some possible embodiments, the various aspects of the invention may also be implemented in the form of a program product comprising program code means for causing a terminal device to carry out the steps according to various exemplary embodiments of the invention described in the above section "exemplary method" of this description, when said program product is run on said terminal device.
According to the program product for implementing the method, the portable compact disc read only memory (CD-ROM) can be adopted, the program code is included, and the program product can be operated on terminal equipment, such as a personal computer. However, the program product of the present invention is not limited in this regard and, in the present document, a readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
The program product may employ any combination of one or more readable media. The readable medium may be a readable signal medium or a readable storage medium. A readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any combination of the foregoing. More specific examples (a non-exhaustive list) of the readable storage medium include: an electrical connection having one or more wires, a portable disk, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
A computer readable signal medium may include a propagated data signal with readable program code embodied therein, for example, in baseband or as part of a carrier wave. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination thereof. A readable signal medium may be any readable medium that is not a readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wireline, optical fiber cable, RF, etc., or any suitable combination of the foregoing.
Program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, C + + or the like and conventional procedural programming languages, such as the "C" programming language or similar programming languages. The program code may execute entirely on the user's computing device, partly on the user's device, as a stand-alone software package, partly on the user's computing device and partly on a remote computing device, or entirely on the remote computing device or server. In situations involving remote computing devices, the remote computing devices may be connected to the user computing device through any kind of network, including a Local Area Network (LAN) or a Wide Area Network (WAN), or may be connected to external computing devices (e.g., through the internet using an internet service provider).
It should be noted that although in the above detailed description several modules or units of the device for action execution are mentioned, such a division is not mandatory. Indeed, the features and functionality of two or more modules or units described above may be embodied in one module or unit, according to embodiments of the present disclosure. Conversely, the features and functions of one module or unit described above may be further divided into embodiments by a plurality of modules or units.
Moreover, although the steps of the methods of the present disclosure are depicted in the drawings in a particular order, this does not require or imply that the steps must be performed in this particular order, or that all of the depicted steps must be performed, to achieve desirable results. Additionally or alternatively, certain steps may be omitted, multiple steps combined into one step execution, and/or one step broken down into multiple step executions, etc.
Through the above description of the embodiments, those skilled in the art will readily understand that the exemplary embodiments described herein may be implemented by software, and may also be implemented by software in combination with necessary hardware. Therefore, the technical solution according to the embodiments of the present disclosure may be embodied in the form of a software product, which may be stored in a non-volatile storage medium (which may be a CD-ROM, a usb disk, a removable hard disk, etc.) or on a network, and includes several instructions to enable a computing device (which may be a personal computer, a server, a mobile terminal, or a network device, etc.) to execute the method according to the embodiments of the present disclosure.
According to an aspect of the present disclosure, there is provided a computer program product or computer program comprising computer instructions stored in a computer readable storage medium. The processor of the computer device reads the computer instructions from the computer-readable storage medium, and the processor executes the computer instructions to cause the computer device to perform the method provided in the various alternative implementations of the embodiments described above.
Other embodiments of the disclosure will be apparent to those skilled in the art from consideration of the specification and practice of the disclosure disclosed herein. This application is intended to cover any variations, uses, or adaptations of the disclosure following, in general, the principles of the disclosure and including such departures from the present disclosure as come within known or customary practice within the art to which the disclosure pertains. It is intended that the specification and examples be considered as exemplary only, with a true scope and spirit of the disclosure being indicated by the following claims.

Claims (10)

1. An application processing method, comprising:
acquiring an android Application Package (APK) file of an application to be detected;
determining static extraction data of the image information in the application to be detected according to the APK file;
the APK file is operated in a sandbox environment, and image resource data generated in the operation of the application to be detected are obtained;
and determining an image data set related to the application to be detected according to the static extraction data and the image resource data.
2. The method according to claim 1, wherein determining static extraction data of image information in the application to be detected according to the APK file comprises:
decompiling the APK file to obtain a target file of the application to be detected;
extracting image information of the target file to obtain static extraction data of the image information in the application to be detected;
wherein the target file comprises at least one of: resource res files, asset assets files, and picture captures files.
3. The method according to claim 1, wherein acquiring image resource data generated by the application to be detected in operation comprises:
intercepting resource data generated by the application to be detected in the running process;
processing the resource data through a trained classifier to obtain a classification result of the resource data;
and if the classification result indicates that the resource data is of the image type, determining the resource data as the image resource data generated by the application to be detected in the running process.
4. The method of claim 3, further comprising:
and if the classification result indicates that the resource data is of a non-image type, deleting the resource data.
5. The method according to any of claims 1-4, wherein after determining the set of image data related to the application to be detected, the method further comprises:
obtaining the hashed value of the APK file;
and storing the hash value and the image data set in a detection database in an associated mode.
6. The method according to any of claims 1-4, wherein before determining the static extracted data of the image information in the application to be detected from the APK file, the method further comprises determining that the application to be detected is not detected as follows:
calculating the hashed value of the APK file;
calling a detection database, and judging whether the hash value exists in the detection database;
and if the hash value does not exist in the detection database, determining that the application to be detected is not detected.
7. The method of claim 6, further comprising:
if the hash value exists in the detection database, acquiring a target image data set corresponding to the hash value from the detection database;
and taking the target image data set as an image data set related to the application to be detected.
8. An application processing apparatus, comprising:
the acquisition module is used for acquiring an android Application Package (APK) file of the application to be detected;
the static data determining module is used for determining static extraction data of the image information in the application to be detected according to the APK file;
the dynamic data determining module is used for operating the APK file in a sandbox environment and acquiring image resource data generated by the application to be detected in the operation;
and the image data determining module is used for determining an image data set related to the application to be detected according to the static extraction data and the image resource data.
9. A computer-readable storage medium, on which a computer program is stored, which program, when executed by a processor, implements the application processing method of any one of claims 1 to 7.
10. An electronic device, comprising:
one or more processors;
storage means for storing one or more programs which, when executed by the one or more processors, cause the one or more processors to carry out an application processing method according to any one of claims 1 to 7.
CN202211515578.1A 2022-11-29 2022-11-29 Application processing method and device, storage medium and electronic equipment Pending CN115861456A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211515578.1A CN115861456A (en) 2022-11-29 2022-11-29 Application processing method and device, storage medium and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211515578.1A CN115861456A (en) 2022-11-29 2022-11-29 Application processing method and device, storage medium and electronic equipment

Publications (1)

Publication Number Publication Date
CN115861456A true CN115861456A (en) 2023-03-28

Family

ID=85668004

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211515578.1A Pending CN115861456A (en) 2022-11-29 2022-11-29 Application processing method and device, storage medium and electronic equipment

Country Status (1)

Country Link
CN (1) CN115861456A (en)

Similar Documents

Publication Publication Date Title
US10547618B2 (en) Method and apparatus for setting access privilege, server and storage medium
CN108491267B (en) Method and apparatus for generating information
CN109039876B (en) Mail processing method and device
CN112527649A (en) Test case generation method and device
CN110858172A (en) Automatic test code generation method and device
CN110888838A (en) Object storage based request processing method, device, equipment and storage medium
WO2021196935A1 (en) Data checking method and apparatus, electronic device, and storage medium
CN113568626B (en) Dynamic packaging and application package opening method and device and electronic equipment
CN114844792A (en) Dynamic monitoring method, device, equipment and storage medium based on LUA language
CN112436943B (en) Request deduplication method, device, equipment and storage medium based on big data
CN114697304B (en) Gray release method, system, device, equipment and storage medium
CN113268453A (en) Log information compression storage method and device
CN116028917A (en) Authority detection method and device, storage medium and electronic equipment
CN110505289B (en) File downloading method and device, computer readable medium and wireless communication equipment
CN112182112A (en) Block chain based distributed data dynamic storage method and electronic equipment
CN115495740A (en) Virus detection method and device
US20230036217A1 (en) Systems and methods for using a structured data database and for exchanging electronic files containing unstructured or partially structered data
CN115794494A (en) Data backup method, system, device, equipment and medium based on dynamic strategy
CN115861456A (en) Application processing method and device, storage medium and electronic equipment
US11662927B2 (en) Redirecting access requests between access engines of respective disk management devices
CN114244912B (en) Data transmission method, device, computer equipment and storage medium
CN115221936A (en) Record matching in a database system
CN114338129A (en) Message anomaly detection method, device, equipment and medium
CN113919310A (en) Short message content determination method and device, electronic equipment and storage medium
CN111967001A (en) Decoding and coding safety isolation method based on double containers

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination