CN117744077A - Application processing method and device and electronic equipment - Google Patents

Application processing method and device and electronic equipment Download PDF

Info

Publication number
CN117744077A
CN117744077A CN202211111920.1A CN202211111920A CN117744077A CN 117744077 A CN117744077 A CN 117744077A CN 202211111920 A CN202211111920 A CN 202211111920A CN 117744077 A CN117744077 A CN 117744077A
Authority
CN
China
Prior art keywords
malicious program
program
malicious
application
disabled
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211111920.1A
Other languages
Chinese (zh)
Inventor
叶楚成
杜冰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Guangdong Oppo Mobile Telecommunications Corp Ltd
Original Assignee
Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Guangdong Oppo Mobile Telecommunications Corp Ltd filed Critical Guangdong Oppo Mobile Telecommunications Corp Ltd
Priority to CN202211111920.1A priority Critical patent/CN117744077A/en
Publication of CN117744077A publication Critical patent/CN117744077A/en
Pending legal-status Critical Current

Links

Landscapes

  • Stored Programmes (AREA)

Abstract

The embodiment of the application discloses an application processing method and device and electronic equipment. The method comprises the following steps: receiving a malicious program list issued by a cloud, wherein the malicious program list of the cloud is updated based on a preset mode; acquiring an application program existing in a malicious program list from application programs installed on electronic equipment as a malicious program; disabling the malicious program and configuring a designated mark for the disabled malicious program; wherein the designation flag is used to cause the disabled malicious program to be allowed to be invoked to run in the foreground. Therefore, the method is beneficial to improving the efficiency of disabling the malicious program. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing.

Description

Application processing method and device and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to an application processing method and apparatus, and an electronic device.
Background
With the development of technology, the variety of applications installed in electronic devices is increasing. Further, as the variety of applications increases, malicious programs also appear. Malicious programs can avoid the searching and killing of the electronic equipment in a set mode and always run in the background. Correspondingly, the electronic device may identify the malicious program in some manner. However, the related way of handling malicious programs is also relatively inflexible and inefficient.
Disclosure of Invention
In view of the above problems, the present application proposes an application processing method, an application processing device, and an electronic device, so as to improve the above problems.
In a first aspect, the present application provides an application processing method, applied to an electronic device, where the method includes: acquiring shooting configuration parameters; acquiring corresponding first shooting resources based on the shooting configuration parameters; configuring the first shooting resource, and synchronously starting to determine shooting scenes based on the shooting configuration parameters; after the shooting scene is determined, acquiring a target resource which is required to be configured and corresponds to the determined shooting scene; and configuring a second shooting resource to finish starting the determined shooting scene, wherein the second shooting resource is included in the target resource and is not included in the first shooting resource.
In a second aspect, the present application provides a memory page processing apparatus, running in an electronic device, where the apparatus includes: a configuration parameter acquisition unit for acquiring shooting configuration parameters; the first resource acquisition unit is used for acquiring corresponding first shooting resources based on the shooting configuration parameters; the resource allocation unit is used for allocating the first shooting resources; a scene determining unit, configured to start determining a shooting scene based on the shooting configuration parameters synchronously when the resource configuration unit starts to configure the first shooting resource; the target resource determining unit is used for acquiring target resources which are required to be configured and correspond to the determined shooting scene after the shooting scene is determined; the resource allocation unit is further configured to allocate a second shooting resource to complete starting the determined shooting scene, where the second shooting resource is included in the target resource and is not included in the first shooting resource.
In a third aspect, the present application provides an electronic device comprising one or more processors and a memory; one or more programs are stored in the memory and configured to be executed by the one or more processors to implement the methods described above.
In a fourth aspect, the present application provides a computer readable storage medium having program code stored therein, wherein the program code, when executed by a processor, performs the method described above.
According to the application program processing method, the application program processing device and the electronic equipment, after the malicious program list issued by the cloud is received, the application program existing in the malicious program list can be obtained as a malicious program in the application program installed by the electronic equipment, the malicious program is further disabled, and a designated mark is configured for the disabled malicious program, wherein the designated mark is used for enabling the disabled malicious program to be allowed to be called to a foreground for operation. Therefore, under the condition that the malicious program list in the cloud can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the description of the embodiments will be briefly introduced below, it being obvious that the drawings in the following description are only some embodiments of the present application, and that other drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
Fig. 1 is a schematic diagram of an application scenario of an application processing method according to an embodiment of the present application;
FIG. 2 is a flow chart illustrating a method for processing an application according to an embodiment of the present application;
FIG. 3 shows a schematic diagram of a popup window for displaying names of malicious programs in an embodiment of the present application;
FIG. 4 is a schematic diagram of a tile delete interface in an embodiment of the present application;
FIG. 5 is a flow chart illustrating a method for application processing according to yet another embodiment of the present application;
FIG. 6 is a flow chart illustrating a method for processing an application according to another embodiment of the present application;
FIG. 7 is a block diagram of an application processing device according to an embodiment of the present application;
FIG. 8 shows a block diagram of an electronic device for executing an application processing method according to an embodiment of the present application in real time;
Fig. 9 shows a storage unit for storing or carrying program codes for implementing the application processing method according to the embodiment of the present application in real time.
Detailed Description
The following description of the embodiments of the present application will be made clearly and fully with reference to the accompanying drawings, in which it is evident that the embodiments described are only some, but not all, of the embodiments of the present application. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments herein without making any inventive effort, are intended to be within the scope of the present application.
Typically, a user may fulfill his own functional needs through an application installed in an electronic device. With the development of technology, the variety of applications installed in electronic devices is increasing. Further, as the variety of applications increases, malicious programs also appear. Malicious programs can avoid the searching and killing of the electronic equipment in a set mode and run in the background all the time, so that resources of the electronic equipment can be excessively occupied. Correspondingly, the electronic device may identify the malicious program in some manner and process the identified malicious program.
However, the inventors have found in research that the related ways of handling malicious programs are also relatively inflexible and inefficient. For example, in one mode, the prevention and control policy of the malicious program may be directly configured locally on the electronic device, and in the related mode that the prevention and control policy of the malicious program is directly configured locally on the electronic device, the prevention and control policy of the keep-alive behavior of the malicious program takes a long time, so that the problem of the electronic device that has been shipped cannot be quickly solved. At present, if a malicious program realizes a new keep-alive mode, an old prevention and control strategy can be bypassed. In this case, a developer is required to analyze the problem (new keep-alive mode), determine how to adjust the policy and output the scheme, and after determining the scheme, the developer will develop codes to obtain updated files so as to upgrade the whole machine version of the electronic device and update the new policy into the electronic device.
Moreover, in the related mode of processing the malicious program, the control strategy and the cleaning strategy both have some filtering conditions, and the interception or cleaning is not executed for part of the malicious program, so that part of the malicious program can use the filtering conditions to ensure that the process of the malicious program survives, and the processing effectiveness of the malicious program is influenced.
Therefore, the inventor provides the application program processing method, the application program processing device and the electronic equipment, after receiving the malicious program list issued by the cloud, the application program existing in the malicious program list can be obtained as a malicious program in the application program installed by the electronic equipment, the malicious program is further disabled, and a designated mark is configured for the disabled malicious program, wherein the designated mark is used for enabling the disabled malicious program to be allowed to be called to a foreground for operation.
Therefore, under the condition that the malicious program list in the cloud can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing.
An application scenario of an application processing method provided in the embodiment of the present application is described first.
Referring to fig. 1, an application scenario shown in fig. 1 includes an electronic device 100 and a server 200. The server 200 may store a list of malicious programs, and the server 200 may actively push the list of malicious programs to the electronic device 100, and further, the server 200 may send a list of malicious programs to the electronic device 100 in response to a list request sent by the electronic device 100.
The malicious program list in the server 200 may be updated based on a preset manner, so as to ensure that the malicious program list in the server 200 may record the latest malicious program. Alternatively, the server 200 may evaluate whether an application is malicious based on multiple dimensions. The plurality of dimensions may include dimensions of analysis results of the application, runtime of the application, complaint information, etc. to determine whether the application is malicious. The application program can be installed in the electronic equipment, the behavior of the application program in the running process is analyzed, whether the application program has illegal behaviors or not is further determined according to the behavior, and an analysis result of the application program is generated under the condition that the illegal behaviors exist. The running time of the application program characterizes whether the application program has illegal keep-alive behaviors or not.
It should be noted that, the electronic device 100 may be a tablet computer, a smart watch, a smart voice assistant, or other devices besides the smart phone shown in fig. 1 and 2. The server 200 may be an independent physical server, a server cluster or a distributed system formed by a plurality of physical servers, or a cloud server providing basic cloud computing services such as cloud services, cloud computing, cloud storage, network services, cloud communication, middleware services, CDNs (Content Delivery Network, content delivery networks), and artificial intelligence platforms. In the case where the image recognition method provided in the embodiment of the present application is performed by a server cluster or a distributed system formed by a plurality of physical servers, different steps in the image recognition method may be performed by different physical servers, respectively, or may be performed by servers built based on the distributed system in a distributed manner.
Embodiments of the present application will be described in detail below with reference to the accompanying drawings.
Referring to fig. 2, an application processing method provided in an embodiment of the present application is applied to an electronic device, and the method includes:
s110: and receiving a malicious program list issued by the cloud, wherein the malicious program list of the cloud is updated based on a preset mode.
In the embodiment of the present application, the electronic device may receive the list of malicious programs issued by the cloud (e.g., the server 200 described above) at various occasions.
As one approach, the electronic device may actively send a list request to the cloud, which may return a list of malicious programs to the electronic device in response to the list request. Optionally, the electronic device may actively send a list request to the cloud end when each start is performed. By means of the method that the electronic device sends the list request to the cloud end when started each time, the electronic device can acquire the latest malicious program list more timely, and the electronic device can process the malicious program more timely. Furthermore, optionally, the electronic device may actively send a list request to the cloud when detecting that a new application is installed. It should be noted that, the application program newly installed to the electronic device may not be in the old malicious program list, so when the new application program is installed, the synchronous triggering sends the list request to the cloud, so that the electronic device can obtain the latest malicious program list more timely.
Alternatively, the cloud may actively push the updated malicious program list to the electronic device after updating the local malicious program list.
S120: and acquiring the application programs existing in the malicious program list from the application programs installed in the electronic equipment as the malicious programs.
In the embodiment of the application, the electronic device can determine the malicious program according to the malicious program list issued by the cloud. As one way, an identification of the malicious program (for example, a name of the malicious program) is recorded in the malicious program list. In this way, after the electronic device obtains the malicious program list issued by the cloud, the electronic device can match the identifier of the locally installed application program with the identifier of the malicious program in the malicious program list, and the application program with the corresponding identifier successfully matched with the identifier in the malicious program list is used as the malicious program.
For example, if the identifier of the application program included in the malicious program list includes application program a, application program B, application program C, application program D, and application program E. If the application program already installed in the electronic device includes an application program D and an application program E. In this case, the application D and the application E may be successfully matched with the identity of the malicious program in the malicious program list, and the electronic device may further regard the application D and the application E as the malicious program.
S130: the method comprises the steps of disabling a malicious program and configuring a designated mark for the disabled malicious program, wherein the designated mark is used for enabling the disabled malicious program to be allowed to be called to run in the foreground.
As a way, in the case that the operating system of the electronic device is an Android system, the disabling of the malicious program can be achieved by disabling the malicious program in a package disable manner, so that the malicious program is in a disable state. Moreover, the specified mark can be configured for the disabled malicious program, so that the malicious program can be called to the foreground to run although the malicious program is disabled.
It should be noted that, an application may include multiple components, and different components may have different roles. For example, in the case where the operating system of the electronic device is an Android system, the application may include components such as Activity, service, broadcastReceiver and ContentProvider. The Activity component is used for displaying an interface of the application program when the application program runs in the foreground. While Service, broadcastReceiver and ContentProvider are used for data transmission or interaction by the application.
Service is a solution for realizing program background running in the Android operating system, and can execute tasks which do not need interaction with a user and also need long-term running. Service runs independently of any user interface, and even if the program is switched to the background or another application program is opened by a user, service can still keep running normally. In Android, broadcastReceiver is a widely used mechanism for transferring information between applications. And the BroadcastReceiver is a type of component that filters the broadcast that is sent out for acceptance and response. A BroadcastReceiver receiver may be used to allow the application to respond to an external time. For example, when a telephone call arrives, the external event can be handled by the BroadcastReceiver. When the downloading of a program is completed successfully, it can still be processed by the BroadcastReceiver. Content Provider may then be used to cause a specified data set for one application to be provided to other applications.
In this case, the Activity component corresponding to the malicious program with the specified mark may be called, and further the malicious program is called to the foreground operation, while components such as Service, broadcastReceiver and ContentProvider of the malicious program cannot be called.
In one mode, after acquiring an application program existing in a malicious program list as a malicious program in an application program installed in an electronic device, the method further includes: the name of the malicious program is displayed so as to prompt the user to delete the malicious program. Optionally, the electronic device may display the name of the malicious program in a pop-up window manner, so that a user may timely learn which application programs in the locally installed application programs are malicious programs, and then actively delete the malicious programs.
After displaying the name of the malicious program, there are various ways to delete the malicious program.
As one approach, a delete trigger control may also be displayed in a pop-up window that displays the name of the malicious program. The electronic device may delete the malicious program determined by the electronic device directly in response to a touch operation acting on the deletion trigger control.
Alternatively, an application deletion interface native to the electronic device may be invoked in response to a touch operation acting on the deletion trigger control, and a malicious program may be displayed in the application deletion interface. When there are a plurality of malicious programs, a plurality of native application deletion interfaces may be displayed in parallel, and different malicious programs may be displayed in different native application deletion interfaces. Illustratively, as shown in FIG. 3, in the case shown in FIG. 3, the electronic device may display the name of the malicious program by displaying a pop-up window 10. A deletion trigger control 11 is displayed on the pop-up window 10. If a touch operation on the deletion trigger control 11 is detected, the application program D and the application program E shown in fig. 3 may be deleted. Further, as shown in FIG. 4, the native application deletion interface 20 and the native application deletion interface 21 may be displayed side-by-side as shown in FIG. 4.
According to the application program processing method, after the malicious program list issued by the cloud is received, the application programs existing in the malicious program list can be used as malicious programs in application programs installed on the electronic equipment, the malicious programs are further disabled, and the disabled malicious programs are configured with the designated marks, wherein the designated marks are used for enabling the disabled malicious programs to be allowed to be called to the foreground for operation. Therefore, under the condition that the malicious program list in the cloud can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing.
Referring to fig. 5, an application processing method provided in an embodiment of the present application is applied to an electronic device, and the method includes:
S210: and receiving a malicious program list issued by the cloud, wherein the malicious program list of the cloud is updated based on a preset mode.
S220: and acquiring the application programs existing in the malicious program list from the application programs installed in the electronic equipment as the malicious programs.
S230: it is detected whether a malicious program is running.
It should be noted that, in the state where the application is running, the characterization user may pay attention to the content displayed by the application or pay attention to the content output by the application. For example, if the application is an information display application, the information content is displayed during the running process of the information application, so that the user can pay attention to the information content in real time, and if the application displaying the information content is disabled directly, the application is caused to flash back, and the user experience is affected. Furthermore, if the application is an audio output application, the application still outputs audio even in the background running condition, and if the application is disabled directly, the audio output is suddenly interrupted, which also causes poor user experience. Therefore, by detecting whether the malicious program is running or not, different disabling modes can be correspondingly provided, and the compatibility and flexibility of the application processing method provided by the embodiment are improved.
As a way, the application program needs to run in the respective process, and further, whether a process belonging to the malicious program exists in the processes currently run by the electronic device can be detected, and if so, it is determined that the malicious program is running. If not, determining that the malicious program is not running.
S240: if the malicious program is not running, the malicious program is forbidden, and a designated mark is configured for the forbidden malicious program, wherein the designated mark is used for enabling the forbidden malicious program to be allowed to be called to run in the foreground.
S250: if the malicious program is running, detecting whether the malicious program is running in the foreground.
S260: if the malicious program runs in the foreground, detecting whether the malicious program is switched to the background running.
Under the condition that a malicious program runs in the foreground, a user may be using the malicious program at present, and if the malicious program is disabled directly, the user experience is poor. Further, it is possible to further detect whether the malicious program is switched to the background operation in the case where it is detected that the malicious program is operating in the foreground.
Alternatively, the electronic device may periodically detect the running condition of the malicious program, so as to detect whether the malicious program has been switched to the background running. The electronic device may determine, according to an application type of the malicious program, a period duration for detecting whether the malicious program is switched to the background operation. For some applications, the user may use the application for a long time during use, for example, for information applications, the user may view information (e.g., news, web content, video content, etc.), and further may run in the foreground for a long time. While for some functional class applications the user may use it only briefly, for example for a payment procedure the user may use it only for temporary payments and not for long periods of time.
Moreover, each detection operation of the electronic device needs to consume the processing resources and the electric quantity of the electronic device, so that the period duration for detecting whether the malicious program is switched to the background operation is determined according to the application type of the malicious program, and waste of the processing resources and the electric quantity of the electronic device is avoided. For malicious programs with longer running time in the foreground when switching to the foreground each time, the corresponding period for detecting whether to switch to the background is longer. That is, for malicious programs that run in the foreground for a longer period of time, the lower the frequency at which the electronic device detects whether it switches to background operation.
Alternatively, the first program list and the second program list may be established in the electronic device. The electronic device may categorize locally installed applications into a first program list or a second program list according to application categories. The detection period corresponding to the application program in the first program list is larger than the detection period corresponding to the application program in the second program list. In this case, in the case where it is detected that a malicious program is running in the foreground, a program list to which the malicious program belongs may be further detected. And under the condition that the malicious program is detected to be in the first program list, detecting whether the malicious program is switched to the background operation or not according to a detection period corresponding to the first program list. And under the condition that the malicious program is detected to be in the second program list, detecting whether the malicious program is switched to the background operation or not according to a detection period corresponding to the second program list.
S270: and if the malicious program is detected to be switched to the background operation, disabling the malicious program, and configuring a designated mark for the disabled malicious program.
In the case that the malicious program originally running in the foreground is switched to the background running, the representation user may not pay attention to the content output by the malicious program, and further, the malicious program may be disabled.
Furthermore, it should be noted that, both the disabling and the disabling of the application by the electronic device require the consumption of the processing resources and the power of the electronic device. Therefore, in order to avoid unnecessary waste of processing resources and power of the electronic device, as a way, if the malicious program is detected to switch to the background operation, the malicious program is disabled, and the disabled malicious program is configured with a designated flag, including: if the malicious program is detected to be switched to the background operation, detecting whether the malicious program is switched to the foreground operation within a specified time period, wherein when the malicious program is switched to the background operation at the starting moment of the specified time period, if the malicious program is not switched to the foreground operation within the specified time period, disabling the malicious program, and configuring a specified mark for the disabled malicious program.
In the embodiments of the present application, the length of the foregoing specified time period may be determined in various manners.
Alternatively, the length of the specified time period may be determined according to the level of malicious intent of the malicious program, wherein the higher the level of malicious intent, the shorter the length of the specified time period. It should be noted that, the malicious level characterizes the malicious level of the malicious program, and the malicious level may be understood as the level of adverse effect of the malicious program on the electronic device. Thus, the higher the level of maliciousness, the greater the adverse effect on the electronic device. The higher the malicious level is, the larger the malicious level is, and further, the higher the malicious level is, the more timely the malicious program needs to be disabled, so as not to cause adverse effects on the electronic equipment.
As one approach, a level of malicious intent of a level of malicious intent may be synchronously generated by the cloud upon generation of the list of malicious programs. Alternatively, the cloud may determine the level of malware based on the application being determined to be the cause of the malware. For example, according to the foregoing description of the embodiments, the cloud end may evaluate whether the application is malicious through multiple dimensions. The level of malicious intent of the level of malicious intent may be determined by the number of dimensions of the malicious program to which the application is determined. For example, if a malicious program is determined to be a malicious program in one dimension, the malicious program is ranked first, if a malicious program is determined to be a malicious program in two dimensions, the malicious program is ranked second, and if a malicious program is determined to be a malicious program in three dimensions, the malicious program is ranked third.
After the cloud end synchronously determines the malicious grade of the malicious program, the malicious grade can be configured in a malicious program list so as to be sent to the electronic equipment along with the malicious program list.
Alternatively, the length of the designated time period may be determined according to the association degree between the application program running in the foreground and the malicious program after the malicious program is switched to the background running, where the higher the association degree is, the longer the length of the designated time period is.
It should be noted that, for some programs, there may be a certain relationship between functions, so that the programs may be frequently switched during use. For example, when using the shopping application program, the user may operate the electronic device to call the payment program to perform the payment operation, and after the payment program is called to the foreground to complete the payment operation, the user may close the payment program, and further, the shopping program switched to the background may be called to the foreground again to view the order information, where the shopping program and the payment program are related programs.
In this manner, association levels of the application may be established, and for each association level, a corresponding length of a specified period of time is configured. In this case, if it is detected that the malicious program is switched to the background operation, and when the malicious program is switched to the background operation, the synchronization is performed and the application program is called to the foreground operation, the association level of the application program called to the foreground operation and the malicious program switched to the background operation can be queried, and after the association level is obtained, the length of the current designated period can be determined.
S280: and if the malicious program is detected to run in the background, disabling the malicious program, and configuring a designated mark for the disabled malicious program.
According to the application program processing method, under the condition that the cloud malicious program list can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing. In addition, in the embodiment, different processing strategies can be corresponding according to whether the malicious program is running or not and whether the malicious program is running in the foreground, so that the flexibility and compatibility of malicious program processing are further improved.
Referring to fig. 6, an application processing method provided in an embodiment of the present application is applied to an electronic device, and the method includes:
S310: and receiving a malicious program list issued by the cloud, wherein the malicious program list of the cloud is updated based on a preset mode.
S320: and acquiring the application programs existing in the malicious program list from the application programs installed in the electronic equipment as the malicious programs.
S330: the method comprises the steps of disabling a malicious program and configuring a designated mark for the disabled malicious program, wherein the designated mark is used for enabling the disabled malicious program to be allowed to be called to run in the foreground.
S340: in response to a request to launch a malicious program, a query is made as to whether the malicious program is disabled.
As one way, in the embodiments of the present application, it may be queried whether a malicious program is disabled through AMS (ActivityManagerService). The AMS is mainly responsible for the work of starting, switching, scheduling and managing and scheduling application processes of four large components in the system. If the malicious program is not disabled, the component that was invoked by the request is run in direct response to the request.
S350: if the malicious program is forbidden, detecting whether the malicious program corresponds to a specified mark;
s360: if yes, detecting whether the malicious program is called to the foreground operation.
As one way, detecting whether the invoked component is a specified component, wherein the specified component is a component for displaying a program interface when a malicious program runs in the foreground; if yes, determining that the malicious program is called to the foreground operation. For example, the specified component may be an Activity component.
S370: if so, the malicious program is released from being forbidden, and the malicious program is called to the foreground operation. If the application is not invoked to run in the foreground, the request is ignored.
According to the application program processing method, under the condition that the cloud malicious program list can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing. In addition, in the embodiment, for the malicious program in the specified state, the malicious program can still be called to the foreground operation by calling the specified component, so that the malicious program can be processed more flexibly.
Referring to fig. 7, an application processing apparatus 400 provided in an embodiment of the present application is run on an electronic device, where the apparatus 400 includes:
The list receiving unit 410 is configured to receive a malicious program list issued by the cloud, where the malicious program list of the cloud is updated based on a preset manner;
a program detection unit 420, configured to obtain, as a malicious program, an application program existing in a malicious program list among application programs installed on an electronic device;
program processing unit 430 is configured to disable a malicious program and configure a designation flag for the disabled malicious program, where the designation flag is used to enable the disabled malicious program to be invoked to a foreground operation.
As one way, the program processing unit 430 is specifically configured to detect whether a malicious program is running; if the malicious program is not running, the malicious program is forbidden, and a designated mark is configured for the forbidden malicious program. The program processing unit 430 is further specifically configured to detect whether a malicious program is running in the foreground if the malicious program is running; if the malicious program runs in the foreground, detecting whether the malicious program is switched to the background running; and if the malicious program is detected to be switched to the background operation, disabling the malicious program, and configuring a designated mark for the disabled malicious program. And if the malicious program is detected to run in the background, disabling the malicious program, and configuring a designated mark for the disabled malicious program.
Optionally, the program processing unit 430 is specifically configured to detect whether the malicious program is switched to the foreground operation within a specified time period if the malicious program is detected to be switched to the background operation, where a starting time of the specified time period is when the malicious program is switched to the background operation; and if the malicious program is not switched to the foreground operation within the specified time period, disabling the malicious program, and configuring a specified mark for the disabled malicious program.
Optionally, the program processing unit 430 is specifically configured to determine a length of the specified time period according to a malicious level of the malicious program, where the higher the malicious level is, the shorter the length of the specified time period is; or determining the length of the appointed time period according to the association degree of the application program operated by the foreground and the malicious program after the malicious program is switched to the background operation, wherein the higher the association degree is, the longer the length of the appointed time period is.
As one way, the program processing unit 430 is further configured to query whether the malicious program is disabled in response to a request for starting the malicious program; if the malicious program is forbidden, detecting whether the malicious program corresponds to a specified mark; if yes, detecting whether to call the malicious program to the foreground operation;
If so, the malicious program is released from being forbidden, and the malicious program is called to the foreground operation. Optionally, the program processing unit 430 is further specifically configured to detect whether the invoked component is a specified component, where the specified component is a component that is used for displaying a program interface when the malicious program runs in the foreground; if yes, determining that the malicious program is called to the foreground operation.
In one manner, the program processing unit 430 is further configured to, after acquiring an application program installed on the electronic device, display a name of the malicious program after the application program existing in the malicious program list is used as the malicious program, so as to prompt the user to delete the malicious program.
According to the application program processing device, under the condition that the malicious program list in the cloud can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing.
It should be noted that, in the present application, the device embodiment and the foregoing method embodiment correspond to each other, and specific principles in the device embodiment may refer to the content in the foregoing method embodiment, which is not described herein again.
An electronic device provided in the present application will be described with reference to fig. 8.
Referring to fig. 8, based on the above application processing method and apparatus, another electronic device 2000 capable of executing the above application processing method is further provided in the embodiments of the present application. The electronic device 2000 includes one or more (only one shown in the figures) processors 202, a memory 204, a network module 206, a sensor module 208, and an audio acquisition device 210 that are coupled to each other. The memory 204 stores therein a program capable of executing the contents of the foregoing embodiments, and the processor 202 can execute the program stored in the memory 204.
Wherein the processor 202 may include one or more processing cores. The processor 202 utilizes various interfaces and lines to connect various portions of the overall electronic device 2000, perform various functions of the electronic device 2000 and process data by executing or executing instructions, programs, code sets, or instruction sets stored in the memory 204, and invoking data stored in the memory 204. Alternatively, the processor 202 may be implemented in hardware in at least one of digital signal processing (Digital Signal Processing, DSP), field programmable gate array (Field-Programmable Gate Array, FPGA), programmable logic array (Programmable Logic Array, PLA). The processor 202 may integrate one or a combination of several of a central processing unit (Central Processing Unit, CPU), an image processor (Graphics Processing Unit, GPU), and a modem, etc. The CPU mainly processes an operating system, a user interface, an application program and the like; the GPU is used for being responsible for rendering and drawing of display content; the modem is used to handle wireless communications. It will be appreciated that the modem may not be integrated into the processor 202 and may be implemented solely by a single communication chip.
The Memory 204 may include a random access Memory (Random Access Memory, RAM) or a Read-Only Memory (Read-Only Memory). Memory 204 may be used to store instructions, programs, code sets, or instruction sets. The memory 204 may include a stored program area and a stored data area, wherein the stored program area may store instructions for implementing an operating system, instructions for implementing at least one function (e.g., a touch function, a sound playing function, an image playing function, etc.), instructions for implementing the various method embodiments described below, etc.
The network module 206 is configured to implement information interaction between the electronic device 2000 and other devices, for example, transmit a device control command, a manipulation request command, and a status information acquisition command. While the electronic device 2000 may be embodied as a different device, its corresponding network module 206 may be different.
The sensor module 208 may include at least one sensor. Specifically, the sensor module 208 may include, but is not limited to: light sensors, motion sensors, pressure sensors, infrared thermal sensors, distance sensors, acceleration sensors, and other sensors.
Wherein the pressure sensor may detect the pressure generated by pressing against the electronic device 2000. That is, the pressure sensor detects a pressure generated by contact or pressing between the user and the electronic device, for example, a pressure generated by contact or pressing between the user's ear and the mobile terminal. Thus, the pressure sensor may be used to determine whether contact or pressure has occurred between the user and the electronic device 2000, as well as the magnitude of the pressure.
The acceleration sensor may detect the acceleration in each direction (typically three axes), and may detect the gravity and direction when stationary, and may be used for applications for recognizing the gesture of the electronic device 2000 (such as landscape/portrait screen switching, related games, magnetometer gesture calibration), vibration recognition related functions (such as pedometer, and knocking), and so on. In addition, the electronic device 2000 may further be configured with other sensors such as a gyroscope, a barometer, a hygrometer, a thermometer, etc., which will not be described herein.
The audio acquisition device 210 is used for acquiring audio signals. Optionally, the audio capturing device 210 includes a plurality of audio capturing devices. The audio acquisition device may be a microphone. For example, in one approach, the audio acquisition device 210 may include two microphones, in which one microphone may correspond to one analog-to-digital converter and the other microphone may correspond to two analog-to-digital converters of different analog gains. In another approach, the audio collection device 210 may include three microphones. In this manner, two of the microphones (e.g., the primary microphone and the secondary microphone) may each correspond to one analog-to-digital converter, and the other microphone (e.g., the camera microphone) may correspond to two analog-to-digital converters of different analog gains.
As one way, the network module of the electronic device 2000 is a radio frequency module, and the radio frequency module is configured to receive and transmit electromagnetic waves, so as to implement mutual conversion between the electromagnetic waves and the electrical signals, thereby communicating with a communication network or other devices. The radio frequency module may include various existing circuit elements for performing these functions, such as an antenna, a radio frequency transceiver, a digital signal processor, an encryption/decryption chip, a Subscriber Identity Module (SIM) card, memory, and the like. For example, the radio frequency module can perform information interaction with external equipment through the transmitted or received electromagnetic waves, and further receive audio signals transmitted by the external equipment.
Furthermore, the electronic device 2000 may further include an image capturing device for capturing images. For example, video, still pictures or moving pictures can be taken by the image capturing device.
Referring to fig. 9, a block diagram of a computer readable storage medium according to an embodiment of the present application is shown. The computer readable medium 800 has stored therein program code which can be invoked by a processor to perform the methods described in the method embodiments described above.
The computer readable storage medium 800 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read only memory), an EPROM, a hard disk, or a ROM. Optionally, the computer readable storage medium 800 comprises a non-volatile computer readable medium (non-transitory computer-readable storage medium). The computer readable storage medium 800 has storage space for program code 810 that performs any of the method steps described above. The program code can be read from or written to one or more computer program products. Program code 810 may be compressed, for example, in a suitable form.
According to the application program processing method, the application program processing device and the electronic equipment, after the malicious program list issued by the cloud is received, the application program existing in the malicious program list can be obtained as a malicious program in the application program installed by the electronic equipment, the malicious program is further disabled, and a designated mark is configured for the disabled malicious program, wherein the designated mark is used for enabling the disabled malicious program to be allowed to be called to a foreground for operation. Therefore, under the condition that the malicious program list in the cloud can be updated, the electronic equipment can synchronously acquire the latest malicious program list, so that the electronic equipment can acquire the latest malicious program without integral system updating, and further the efficiency of disabling the malicious program is improved. Moreover, the method for configuring the specified mark for the malicious program ensures that the malicious program can still be called to the foreground to run under the condition of being disabled, thereby improving the flexibility of application program processing.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present application, and are not limiting thereof; although the present application has been described in detail with reference to the foregoing embodiments, one of ordinary skill in the art will appreciate that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not drive the essence of the corresponding technical solutions to depart from the spirit and scope of the technical solutions of the embodiments of the present application.

Claims (12)

1. An application processing method, applied to an electronic device, the method comprising:
receiving a malicious program list issued by a cloud, wherein the malicious program list of the cloud is updated based on a preset mode;
acquiring an application program existing in the malicious program list from application programs installed in the electronic equipment as a malicious program;
disabling the malicious program and configuring a designated mark for the disabled malicious program;
wherein the specified tag is used to allow the disabled malicious program to be invoked to run in the foreground.
2. The method of claim 1, wherein the disabling the malicious program and assigning a flag to the disabled malicious program configuration comprises:
detecting whether the malicious program is running;
and if the malicious program is not running, disabling the malicious program, and configuring a designated mark for the disabled malicious program.
3. The method according to claim 2, wherein the method further comprises:
if the malicious program is running, detecting whether the malicious program is running in the foreground;
if the malicious program runs in the foreground, detecting whether the malicious program is switched to the background running;
And if the malicious program is detected to be switched to the background operation, the malicious program is forbidden, and a designated mark is configured for the forbidden malicious program.
4. A method according to claim 3, wherein if the malicious program is detected to switch to background operation, disabling the malicious program and assigning a flag to the disabled malicious program configuration comprises:
if the malicious program is detected to be switched to the background operation, detecting whether the malicious program is switched to the foreground operation within a specified time period, wherein the starting time of the specified time period is when the malicious program is switched to the background operation;
and if the malicious program is not switched to the foreground operation within the specified time period, disabling the malicious program, and configuring a specified mark for the disabled malicious program.
5. The method according to claim 4, wherein the method further comprises:
determining the length of the appointed time period according to the malicious grade of the malicious program, wherein the length of the appointed time period is shorter when the malicious grade is higher; or alternatively
And determining the length of the appointed time period according to the association degree of the application program operated by the foreground and the malicious program after the malicious program is switched to the background operation, wherein the higher the association degree is, the longer the length of the appointed time period is.
6. A method according to claim 3, characterized in that the method further comprises:
and if the malicious program is detected to run in the background, disabling the malicious program, and configuring a designated mark for the disabled malicious program.
7. The method of claim 1, wherein the disabling the malicious program and assigning a flag to the disabled malicious program configuration further comprises:
querying whether the malicious program is disabled or not in response to a request for starting the malicious program;
if the malicious program is forbidden, detecting whether the malicious program corresponds to a specified mark;
if yes, detecting whether the malicious program is called to a foreground operation;
if yes, the malicious program is disabled, and the malicious program is called to be operated in the foreground.
8. The method of claim 7, wherein the detecting whether to invoke the malicious program to a foreground run comprises:
detecting whether the called component is a designated component, wherein the designated component is a component used for displaying a program interface when the malicious program runs in the foreground;
if yes, determining that the malicious program is called to be operated in the foreground.
9. The method according to claim 1, wherein the acquiring the application program installed on the electronic device, after the application program existing in the malicious program list is a malicious program, further comprises:
and displaying the name of the malicious program so as to prompt a user to delete the malicious program.
10. An application processing apparatus, operable on an electronic device, the apparatus comprising:
the system comprises a list receiving unit, a cloud computing unit and a cloud computing unit, wherein the list receiving unit is used for receiving a malicious program list issued by the cloud computing unit, and the malicious program list of the cloud computing unit is updated based on a preset mode;
the program detection unit is used for acquiring application programs existing in the malicious program list from application programs installed in the electronic equipment as malicious programs;
the program processing unit is used for disabling the malicious program and configuring a designated mark for the disabled malicious program;
wherein the specified tag is used to allow the disabled malicious program to be invoked to run in the foreground.
11. An electronic device comprising one or more processors and memory; one or more programs are stored in the memory and configured to perform the method of any of claims 1-9 by the one or more processors.
12. A computer readable storage medium, characterized in that the computer readable storage medium has stored therein a program code, wherein the program code, when being executed by a processor, performs the method of any of claims 1-9.
CN202211111920.1A 2022-09-13 2022-09-13 Application processing method and device and electronic equipment Pending CN117744077A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202211111920.1A CN117744077A (en) 2022-09-13 2022-09-13 Application processing method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202211111920.1A CN117744077A (en) 2022-09-13 2022-09-13 Application processing method and device and electronic equipment

Publications (1)

Publication Number Publication Date
CN117744077A true CN117744077A (en) 2024-03-22

Family

ID=90249467

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211111920.1A Pending CN117744077A (en) 2022-09-13 2022-09-13 Application processing method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN117744077A (en)

Similar Documents

Publication Publication Date Title
CN109213539B (en) Memory recovery method and device
CN107402790B (en) Application program starting method and device, storage medium and terminal
CN107734616B (en) Application program closing method and device, storage medium and electronic equipment
CN107748685B (en) Application program starting control method and device, terminal equipment and storage medium
CN107861817B (en) Thread blocking-based memory optimization method, mobile terminal and readable storage medium
CN107861730B (en) Application processing method and mobile terminal
CN108052390B (en) Thread blocking-based memory cleaning method, mobile terminal and readable storage medium
CN110569220B (en) Game resource file display method and device, terminal and storage medium
CN107402791B (en) Application processing method and device, storage medium and terminal
CN110780940A (en) Application program loading method, electronic device and storage medium
CN106937258B (en) A kind of control method of broadcast, device and mobile terminal
CN110413420B (en) Data transmission method, device, terminal and storage medium
CN110888683B (en) Performance optimization method and device of operating system and readable medium
CN110413383B (en) Event processing method, device, terminal and storage medium
CN111966425A (en) Process cleaning method and device, storage medium and mobile terminal
CN110120963B (en) Data processing method, device, equipment and machine readable medium
CN107623788B (en) Method and device for improving application starting speed and computer readable storage medium
CN117744077A (en) Application processing method and device and electronic equipment
WO2021129489A1 (en) Application precompiling method and apparatus, electronic device, and storage medium
CN110753909B (en) Service scheduling method and device, computer equipment and computer readable storage medium
CN117076089B (en) Application management method, terminal device and storage medium
CN115225966B (en) Application starting method, device, terminal equipment and storage medium
US11868249B2 (en) Method and apparatus for reducing operation of garbage collection
CN116048544B (en) Processing method of popup advertisement, electronic equipment and readable storage medium
CN116700913B (en) Scheduling method, equipment and storage medium of embedded file system

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination