CN118094534A - Mobile application system authority management and control method and device, storage medium and terminal - Google Patents
Mobile application system authority management and control method and device, storage medium and terminal Download PDFInfo
- Publication number
- CN118094534A CN118094534A CN202311415860.7A CN202311415860A CN118094534A CN 118094534 A CN118094534 A CN 118094534A CN 202311415860 A CN202311415860 A CN 202311415860A CN 118094534 A CN118094534 A CN 118094534A
- Authority
- CN
- China
- Prior art keywords
- target application
- permission
- application
- target
- behavior
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
- 238000000034 method Methods 0.000 title claims abstract description 82
- 230000003068 static effect Effects 0.000 claims abstract description 70
- 230000008569 process Effects 0.000 claims abstract description 36
- 238000001514 detection method Methods 0.000 claims abstract description 21
- 238000004458 analytical method Methods 0.000 claims abstract description 15
- 230000006399 behavior Effects 0.000 claims description 106
- 238000012545 processing Methods 0.000 claims description 16
- 230000008859 change Effects 0.000 claims description 15
- 238000004590 computer program Methods 0.000 claims description 13
- 238000009434 installation Methods 0.000 claims description 8
- 238000011900 installation process Methods 0.000 claims description 5
- 238000007726 management method Methods 0.000 description 22
- 238000004891 communication Methods 0.000 description 8
- 230000006870 function Effects 0.000 description 7
- 238000010586 diagram Methods 0.000 description 6
- 241000700605 Viruses Species 0.000 description 3
- 230000009471 action Effects 0.000 description 2
- 230000001939 inductive effect Effects 0.000 description 2
- 230000003287 optical effect Effects 0.000 description 2
- 238000013480 data collection Methods 0.000 description 1
- 238000011161 development Methods 0.000 description 1
- 230000000694 effects Effects 0.000 description 1
- 238000005516 engineering process Methods 0.000 description 1
- 230000006872 improvement Effects 0.000 description 1
- 238000012986 modification Methods 0.000 description 1
- 230000004048 modification Effects 0.000 description 1
- 238000012544 monitoring process Methods 0.000 description 1
- 238000012552 review Methods 0.000 description 1
- 230000004884 risky behavior Effects 0.000 description 1
- 238000011895 specific detection Methods 0.000 description 1
- 238000006467 substitution reaction Methods 0.000 description 1
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/604—Tools and structures for managing or administering access control systems
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Computer Hardware Design (AREA)
- General Engineering & Computer Science (AREA)
- Software Systems (AREA)
- General Physics & Mathematics (AREA)
- Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Automation & Control Theory (AREA)
- Bioethics (AREA)
- Virology (AREA)
- Storage Device Security (AREA)
Abstract
The embodiment of the invention provides a mobile application system authority management and control method, a device, a storage medium and a terminal, wherein the method comprises the following steps: in the process of installing a target application, carrying out static analysis and risk behavior detection on the target application to obtain static behavior permission and risk behavior results; and setting a corresponding target system permission strategy for the target application based on the static behavior permission, the risk behavior result and the category of the target application. By the method, a user is helped to easily and safely complete configuration of application authorities in the mobile terminal, unreasonable acquisition of system authorities by the application is prevented in advance, data acquisition of the application by excessive use of the authorities in the running process is prevented, and information leakage is avoided.
Description
Technical Field
The present invention relates to the field of application rights technologies, and in particular, to a method and apparatus for controlling rights of a mobile application system, a storage medium, and a terminal.
Background
When a common user uses a mobile intelligent device, many system services and application programs need to acquire corresponding rights to normally run or provide specific functions. Most applications, however, do not explicitly state the purpose of the required rights at the time of filing the rights or request rights not related to their function. In this context, users often cannot understand the specific meaning of the individual rights due to lack of professional context, so that they do not know what rights need to be configured for a certain application. They also raise privacy and data security concerns.
In addition, when users need to perform rights management on applications on a mobile phone, they need to carefully review the rights requested by each application and decide whether to grant these rights. These rights may cover access to cell phone cameras, microphones, address books, locations, etc. This process can become quite cumbersome for those users who install a large number of applications because the user needs to carefully consider the necessity and potential risk of each right. This means that a great deal of time and effort is spent on the part of the user.
Therefore, a technical solution is needed to help the user easily and safely complete the configuration and use of the application rights in the mobile terminal, and prevent the application behavior of the data collection for the excessive use rights, so as to prevent information leakage.
Disclosure of Invention
The embodiment of the invention provides a mobile application system authority management and control method, a device, a storage medium and a terminal, which not only help a user to easily and safely complete the configuration of application authorities in a mobile terminal and prevent unreasonable acquisition of system authorities by application in advance, but also prevent the behavior of excessive use of authority acquisition data by the application in the running process and avoid information leakage.
In a first aspect, an embodiment of the present invention provides a mobile application system authority management and control method, including:
in the process of installing a target application, carrying out static analysis and risk behavior detection on the target application to obtain static behavior permission and risk behavior results;
And setting a corresponding target system permission strategy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
In a second aspect, an embodiment of the present invention provides a mobile application system authority management and control device, including:
the data acquisition module is used for carrying out static analysis and risk behavior detection on the target application in the process of installing the target application to obtain static behavior permission and risk behavior results;
and the system permission setting module is used for setting a corresponding target system permission policy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
In a third aspect, an embodiment of the present invention provides a computer-readable storage medium, on which a computer program is stored, which computer program, when being executed by a processor, implements the method steps of the first aspect.
In a fourth aspect, an embodiment of the present invention provides a terminal, including a memory, a processor, and a computer program stored in the memory and executable on the processor, where the processor implements the method steps described in the first aspect when the processor executes the computer program.
The mobile application system authority management and control method, the device, the storage medium and the terminal provided by the embodiment of the invention have the following technical effects:
according to the embodiment of the invention, static analysis and risk behavior detection are carried out on the application in the application installation process, a corresponding system permission strategy is set for the application in combination with the type of the application, the change state of the application type is judged according to the current type of the application obtained by dynamic data in the application operation process, and a system permission request is processed according to the change state of the application type and the system permission strategy. By the method, a user is helped to easily and safely complete configuration of application authorities in the mobile terminal, unreasonable acquisition of system authorities by the application is prevented in advance, data acquisition of the application by excessive use of the authorities in the running process is prevented, and information leakage is avoided.
Drawings
In order to more clearly illustrate the embodiments of the present invention or the technical solutions of the prior art, the following description will briefly explain the drawings used in the embodiments or the description of the prior art, and it is obvious that the drawings in the following description are some embodiments of the present invention, and other drawings can be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flowchart of a mobile application system authority control method according to an embodiment of the present invention;
FIG. 2 is a flowchart of a mobile application system permission request processing provided in an embodiment of the present invention;
fig. 3 is a schematic structural diagram of a mobile application system authority management and control device according to an embodiment of the present invention;
Fig. 4 is a block diagram of a terminal according to an embodiment of the present invention.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments of the present invention. All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
When the following description refers to the accompanying drawings, the same numbers in different drawings refer to the same or similar elements, unless otherwise indicated. The implementations described in the following exemplary examples do not represent all implementations consistent with the invention. Rather, they are merely examples of apparatus and methods consistent with certain aspects of the invention as detailed in the accompanying claims.
In the description of the present invention, it should be understood that the terms "first," "second," and the like are used for descriptive purposes only and are not to be construed as indicating or implying relative importance. The specific meaning of the above terms in the present invention will be understood in specific cases by those of ordinary skill in the art.
When a common user uses a mobile intelligent device, many system services and application programs need to acquire corresponding rights to normally run or provide specific functions. Most applications, however, do not explicitly state the purpose of the required rights at the time of filing the rights or request rights not related to their function. In this context, users often cannot understand the specific meaning of the individual rights due to lack of professional context, so that they do not know what rights need to be configured for a certain application. They also raise privacy and data security concerns.
In addition, when a user needs to manage rights for an application on a cell phone, these rights may cover access to a cell phone camera, microphone, address book, location, etc. This process can become quite cumbersome for a user who installs a large number of applications, requiring a significant amount of time and effort from the user.
Aiming at the problems, the invention provides a mobile application system authority management and control method, a device, a storage medium and a terminal. The steps of the mobile application system authority management method according to the embodiments of the present invention will be described in more detail with reference to the accompanying drawings and examples.
Fig. 1 is a flowchart of a mobile application system authority management and control method according to an embodiment of the present invention. As shown in fig. 1, the method according to the embodiment of the present invention may include the following steps:
S101, in the installation process of the target application, static analysis and risk behavior detection are carried out on the target application, and static behavior permission and risk behavior results are obtained.
Optionally, since some content of acquiring rights exists in the privacy statement file and the static code of the application, when the application is installed, the application automatically acquires some system rights without the knowledge of the user, which results in that the user cannot comprehensively manage the rights of the application and may cause privacy disclosure of the application. While the application contains risky behavior, the privacy security of the user will suffer even more. Therefore, the rights acquisition behavior of the application needs to be prevented in advance.
In the embodiment of the invention, when the target application needs to be installed, in the process of installing the target application, static analysis is firstly carried out on the target application to obtain static behavior permission, namely permission acquisition behavior existing in static codes of the target application. And detecting risk behaviors of the target application to obtain a risk behavior result, and judging whether the target application contains risk behaviors. The method comprises the following specific steps:
s101.1, decompressing an installation package of the target application to obtain a manifest file, and acquiring static behavior permission of the target application according to the manifest file.
Optionally, when static analysis is performed on the target application, firstly, an Android application installation package (Android Application Package, APK) of the target application is obtained, and an APK file is decompressed to obtain an Android management file, and rights in Android are configured in the Android management file. In an android management file, there are four tags associated with rights, which are < permission >, < permission-group >, < permission-tree > and < uses-permission >, respectively. Where < uses-permission > is a tag for applying rights, which includes a field in which there is a type of rights that the target application wants to apply for. Therefore, after obtaining the android management file, the < uses-permission > field needs to be found to obtain the static application permission content of the target application, and the permission type required by the target application is obtained to obtain the static permission type. For example, the static application rights content of the target application a has the following relevant statement:
android.permission.BLUETOOTH
android.permission.CHANGE_WIFI_STATE
android.permission.WRITE_SETTINGS
It can be known that the types of static rights that the target application a wants to acquire are respectively: allowing the program to change Wi-Fi connection status, allowing the program to connect to a paired bluetooth device, allowing the program to read or write system settings. According to the method, all static permission types which the target application wants to acquire can be acquired, and the static behavior permission of the target application is obtained.
S101.2, performing risk behavior detection on the installation package of the target application, and obtaining a risk behavior result of the target application.
Optionally, if the target application includes viruses such as Trojan software, rogue software, malicious pornography software, hacking tools, or has risk behaviors such as inducing or forcing the user to download, the application is described to be a malicious application or a risk application, and at this time, great harm is caused to privacy security and data security of the user. Therefore, risk behavior detection needs to be performed on the target application, and because the target application is still in the installation package state in the installation process of the target application, the risk behavior detection is performed on the installation package of the target application, and a specific detection process can adopt various mature detection tools, such as a virus detection tool, a risk behavior detection tool and the like, and the installation package of the target application is subjected to multi-aspect and comprehensive detection to obtain a risk behavior detection result, so that whether the target application contains risk behaviors is judged.
Based on any of the above optional embodiments, S102, a corresponding target system permission policy is set for the target application based on the static behavior permission, the risk behavior result, and the class of the target application.
In the embodiment of the invention, after the static behavior permission and the risk behavior result of the target application are obtained, the category of the target application, namely what type of application the target application is, is required to be obtained, and different types of applications have different system permission requirements, such as 'map navigation type' application needs to obtain positioning permission, 'instant messaging type' application needs to obtain communication type permission and the like. In order to avoid an application from obtaining rights excessively, i.e. obtaining rights beyond the scope of its functional requirements, the type of the target application needs to be determined. The method can be used for judging according to the information such as the package name, the application name and the introduction description of the target application, judging according to the information of each application store, or manually judging and identifying.
Optionally, after determining the category of the target application, setting a corresponding target system authority policy for the target application according to the static behavior authority, the risk behavior result and the category of the target application. The method comprises the following specific steps:
S102.1, if the target application contains risk behaviors, setting a target system permission strategy according to a first preset safety standard;
S102.2, if the target application does not contain risk behaviors, setting a target system permission strategy according to the static behavior permission and the minimum permission corresponding to the target application class; the minimized authority refers to the system authority conforming to a second preset security standard.
Optionally, when the target application includes viruses such as Trojan software, rogue software, malicious pornography software, hacking tools and the like, or has risk behaviors such as inducing or forcing a user to download, the application is indicated to be a malicious application or a risk application, which will cause great harm to privacy security and data security of the user, and at this time, a system permission policy is set for the target application, and cannot be set according to a functional scope of the target application by a normal security application.
Therefore, if the target application includes risk behaviors, the target system permission policy is set according to the first preset security standard. In order to avoid that the target application obtains the privacy information of the user by using the system authority, the information is revealed or other actions endangering the user are made, the target system authority strategy can be set to be totally refused, namely, the target application is not allowed to obtain any one system authority, and the target application is refused when applying any one system authority. However, this situation may cause that the target application repeatedly applies for the system rights, resulting in loss of system performance and affecting the normal operation of the system, so that the target system rights policy may be set to return all pseudo data, i.e. when the target application applies for any one of the system rights, the pseudo data is not rejected, but not returned to the real data of the user, but all pseudo data is returned, which does not cause information leakage of the user, and can also ensure the normal operation of the system. Of course, the target system authority policy may be set to a policy other than "permission", which is not limited herein.
Optionally, if the target application does not include the risk behavior, it is indicated that the target application is a normal and safe application, and a corresponding target system permission policy may be set for the target application according to the static behavior permission of the target application and the class of the target application. The static behavior authority is the authority that the target application wants to apply for to obtain in the static code, but the required authority of different types of applications is different due to different functional ranges, and the static behavior authority of the target application may contain some authorities which are not necessary for the target application to realize the functions. Therefore, the minimum permission corresponding to the target application category needs to be obtained, and the minimum permission refers to the system permission meeting the second preset security standard. The minimum authority which the APP of each category should have must not be applied for more than the authority beyond the functional range is specified according to the notification of the development of deep pushing APP to infringe the user rights and interests improvement action by the department of industry and informatization (letter [ 2020 ] 164 number of the department of industrial and informative) and the personal information range specification necessary for common type mobile internet application (national letter office secret word [ 2021 ] 14 number). Thus, the second security standard may be various related government documents.
Optionally, since the system includes multiple rights, the static behavior rights and the minimizing rights may be only a part of all system rights, when the target system rights policy is set according to the minimizing rights corresponding to the static behavior rights and the target application types, the static behavior rights and the minimizing rights may be compared, if the static behavior rights and the minimizing rights are the same, the target system rights policy may be set to "permission" for all the static behavior rights, and other system rights except for the static behavior rights in all the system rights may be set to "rejection", or set to "return dummy data", "return empty data", or the like, and of course, may also be set freely by the user himself. For example, the total of 100 system rights, the static behavior rights and the minimized rights are 10, and the 10 static behavior rights can be set as "permission" and the other 90 system rights as "denial" as the same.
If the static behavior authority and the minimum authority are different, the target system authority policy may be set to "permission" for the minimum authority in the static behavior authority, and all system authorities and other system authorities except the minimum authority in the static behavior authority may be set to "rejection", or set to "return dummy data", "return null data", etc., which may, of course, be set freely by the user himself. For example, the total system rights are 100, the categories of the target application are "map navigation class", the static behavior rights of the target application are 20, the minimum rights are 10, wherein 10 rights in the static behavior rights are the same as the minimum rights, if the other 10 static behavior rights are "get application list" rights, "get mobile phone identification code" rights, the rights are obviously not required by the navigation class application to realize the function, the rights can be set as "reject", or set as "return dummy data" to avoid repeated application, and the like, and of course, the user can also set freely.
In the above embodiment, after setting the corresponding target system permission policy for the target application in the process of installing the target application, the target application may have an override behavior and may use the permission that has been allowed in an unreasonable scenario in the process of running due to loading a third party file or being invaded by an external third party, for example, in a social application, the invocation of the permission of obtaining an album picture in the scenario of uploading the picture by the user is reasonable, but if the social application is reading the album of the user when the user does not upload the picture, the behavior is unreasonable, and the original target system policy of the target application does not accord with the state of the target application at this time. Therefore, there is also a need for monitoring and analyzing the behavior of the target application in actual operation. And determining the category change condition of the target application in the running process so as to correspondingly process the system permission request in the target running process.
Referring to fig. 2, fig. 2 is a schematic diagram of a mobile application system permission request processing procedure according to an embodiment of the present application. As shown in fig. 2, the method according to the embodiment of the present application may include the following steps:
s201, in the running process of the target application, acquiring dynamic data and a system permission request when the target application runs.
Optionally, in the running process of the target application, the target application can be monitored in real time, and dynamic data generated in the running process of the target application can be obtained. For example, during WeChat operation, a lot of communication class data, payment class data, etc. are generated.
In order to timely acquire the system authority requests of the target applications, each system authority can be monitored to acquire the system authority requests of the target applications, and corresponding processing is performed. For example, the service TelephonyService may sense and process access rights such as address book, sms, etc., so that TelephonyService may be monitored, and specifically, a listening interface may be set in frameworks/base/telephony/java/android/telephony; the service LocationService may sense and process the rights to obtain location information, so LocationService may be monitored, and the specific pile driver sets the interface for listening in fra meworks/base/location/java/android/location. According to the method, all system authorities can be monitored, and the system authority request of the target application can be obtained in real time.
S202, determining the current category of the target application according to the dynamic data, comparing the current category with the category of the target application, and judging the category change state of the target application.
Optionally, after the system permission request of the target application is acquired, in order to avoid the change of the class of the target application caused by loading a third party file or being invaded by an external third party in the running process of the target application, the current class of the target application needs to be determined according to dynamic data generated in the running process of the target application. For example, the target application is originally a "navigation class" application, but a third party "game class" file is loaded during the running process, and then the target may generate a lot of game class data during the running process. Therefore, the current category of the target application can be determined according to the dynamic data generated by the target application in the running process, and then the current category is compared with the category of the target application to judge the category change state of the target application, namely whether the target application is changed or not.
S203, according to the category change state of the target application and the target system permission policy, carrying out corresponding processing on the system permission request.
Optionally, then, according to the category change state of the target application and the target system authority strategy corresponding to the target application, corresponding processing is carried out on the system authority request of the target application. The method comprises the following specific steps:
s203.1, if the category of the target application is unchanged, carrying out corresponding processing on the system permission request according to the target system permission policy;
and S203.2, if the category of the target application is changed, carrying out corresponding processing on the system permission request according to a preset system permission policy.
Optionally, after comparing the current category with the category of the target application, if the current category is the same with the category of the target application, it is indicated that the category of the target application is unchanged, and at this time, the corresponding processing can be directly performed on the system permission request according to the target system permission policy. For example, the system permission request is "acquire positioning", if the permission of "acquire positioning" is set as "allow" in the target system permission policy, the target application is allowed to use the positioning permission, corresponding data is returned, and if the permission of "acquire positioning" is set as "reject" in the target system permission policy, the target application is allowed to be unavailable to use the positioning permission, and no data is returned. And carrying out corresponding processing according to the setting in the target system authority strategy.
Optionally, after comparing the current category with the category of the target application, if the current category is different from the category of the target application, the category of the target application is indicated to be changed, and at the moment, corresponding processing is performed on the system permission request according to a preset system permission policy. The preset system authority policy may be "refused", that is, refusing the system authority request, or "returning dummy data", or "returning null data", or prompting the user, and the user decides the processing mode. And are not limited herein.
Optionally, after determining that the class of the target application has changed, the target authority policy of the target application does not conform to the state of the target application at the time, so that the target authority policy needs to be updated. Firstly, the preset system authority strategy can be compared with the system strategy corresponding to the system authority request in the target system strategy aiming at the system authority request, and if the preset system authority strategy is different, the preset system authority strategy is updated to the target system strategy. And determining the corresponding minimized authority of the target application according to the current class of the target application, namely the class after the change, and updating the authority strategy of the target system.
In summary, the embodiment of the invention provides a mobile application system authority management and identification method, which is used for carrying out static analysis and risk behavior detection on a target application in the process of installing the target application to obtain static behavior authority and risk behavior results; and setting a corresponding target system permission strategy for the target application based on the static behavior permission, the risk behavior result and the category of the target application. The invention sets corresponding system authority strategies for the application by combining the types of the application through static analysis and risk behavior detection of the application in the application installation process, acquires the current types of the application according to dynamic data in the application operation process, judges the change states of the application types, and processes the system authority requests according to the change states of the application types and the system authority strategies. By the method, a user is helped to easily and safely complete configuration of application authorities in the mobile terminal, unreasonable acquisition of system authorities by the application is prevented in advance, data acquisition of the application by excessive use of the authorities in the running process is prevented, and information leakage is avoided.
The following are examples of the apparatus of the present invention that may be used to perform the method embodiments of the present invention. For details not disclosed in the embodiments of the apparatus of the present invention, please refer to the embodiments of the method of the present invention.
Fig. 3 is a schematic structural diagram of a mobile application system authority management and control device according to an embodiment of the present invention.
The mobile application system authority management and control device 300 in the embodiment of the present invention includes: a data acquisition module 301 and a system authority setting module 302.
The data acquisition module is used for carrying out static analysis and risk behavior detection on the target application in the process of installing the target application to obtain static behavior permission and risk behavior results;
and the system permission setting module is used for setting a corresponding target system permission policy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
It should be noted that, when the mobile application system permission management and control device provided in the foregoing embodiment executes the mobile application system permission management and control method, only the division of the foregoing functional modules is used as an example, in practical application, the foregoing functional allocation may be completed by different functional modules according to needs, that is, the internal structure of the device is divided into different functional modules, so as to complete all or part of the functions described above. In addition, the mobile application system permission management and control device provided in the foregoing embodiments and the mobile application system permission management and control method embodiment belong to the same concept, so for details not disclosed in the system embodiment of the present invention, please refer to the embodiment of the mobile application system permission management and control method of the present invention, and details are not repeated herein.
The foregoing embodiment numbers of the present invention are merely for the purpose of description, and do not represent the advantages or disadvantages of the embodiments.
The present invention also provides a computer readable storage medium having stored thereon a computer program which when executed by a processor performs the steps of the method of any of the previous embodiments. The computer-readable storage medium may include, among other things, any type of disk including floppy disks, optical disks, DVDs, CD-ROMs, micro-drives, and magneto-optical disks, ROM, RAM, EPROM, EEPROM, DRAM, VRAM, flash memory devices, magnetic or optical cards, nanosystems (including molecular memory ICs), or any type of media or device suitable for storing instructions and/or data.
The embodiment of the invention also provides a terminal which comprises a memory, a processor and a computer program stored on the memory and capable of running on the processor, wherein the processor realizes the steps of the method of any embodiment when executing the program.
Fig. 4 is a block diagram of a terminal according to an embodiment of the present invention. Referring to fig. 4, an embodiment of the present invention provides a terminal 400, including: processor 401, communication interface (Communications Interface) 402, memory 403 and communication bus 404, wherein processor 401, communication interface 402 and memory 403 complete communication with each other through communication bus 404. The processor 401 may call logic instructions in the memory 403 to perform a method comprising: in the process of installing a target application, carrying out static analysis and risk behavior detection on the target application to obtain static behavior permission and risk behavior results; and setting a corresponding target system permission strategy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
The block diagrams of the terminal structure shown in the embodiments of the present invention do not constitute a limitation on the terminal 400, and the terminal 400 may include more or less components than those shown, or may combine some components, or may employ different arrangements of components.
Embodiments of the present invention disclose a computer program product comprising a computer program stored on a non-transitory computer readable storage medium, the computer program comprising program instructions which, when executed by a computer, enable the computer to perform the methods provided by the method embodiments described above, for example comprising: in the process of installing a target application, carrying out static analysis and risk behavior detection on the target application to obtain static behavior permission and risk behavior results; and setting a corresponding target system permission strategy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
Finally, it should be noted that: the above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.
Claims (9)
1. A mobile application system rights management and control method, comprising:
in the process of installing a target application, carrying out static analysis and risk behavior detection on the target application to obtain static behavior permission and risk behavior results;
And setting a corresponding target system permission strategy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
2. The method according to claim 1, wherein the method further comprises:
in the running process of the target application, acquiring dynamic data and a system authority request when the target application runs;
determining the current category of the target application according to the dynamic data, comparing the current category with the category of the target application, and judging the category change state of the target application;
and carrying out corresponding processing on the system permission request according to the category change state of the target application and the target system permission policy.
3. The method according to claim 1, wherein the performing static analysis and risk behavior detection on the target application during the installation process of the target application to obtain static behavior authority and risk behavior results includes:
decompressing the installation package of the target application to obtain a manifest file, and acquiring the static behavior authority of the target application according to the manifest file;
and detecting risk behaviors of the installation package of the target application, and obtaining a risk behavior result of the target application.
4. A method according to any one of claims 1 to 3, wherein said setting a corresponding target system permission policy for said target application based on said static behavior permissions, said risk behavior results and a class of said target application comprises:
If the target application contains risk behaviors, setting a target system authority strategy according to a first preset safety standard;
If the target application does not contain risk behaviors, setting a target system permission strategy according to the static behavior permission and the minimum permission corresponding to the target application class; the minimized authority refers to the system authority conforming to a second preset security standard.
5. The method according to any one of claims 2 to 4, wherein said processing the system permission request according to the class change status of the target application and the target system permission policy includes:
if the category of the target application is unchanged, carrying out corresponding processing on the system permission request according to the target system permission policy;
And if the category of the target application is changed, carrying out corresponding processing on the system permission request according to a preset system permission policy.
6. The method of claim 5, wherein if the class of the target application has changed, after performing corresponding processing on the system permission request according to a preset system permission policy, further comprising:
and updating the target system permission strategy according to the preset system permission strategy and the minimum permission corresponding to the current category of the target application.
7. A mobile application rights management and control device, comprising:
the data acquisition module is used for carrying out static analysis and risk behavior detection on the target application in the process of installing the target application to obtain static behavior permission and risk behavior results;
and the system permission setting module is used for setting a corresponding target system permission policy for the target application based on the static behavior permission, the risk behavior result and the category of the target application.
8. A computer readable storage medium, on which a computer program is stored, characterized in that the computer program, when being executed by a processor, implements the method according to any one of claims 1 to 6.
9. A terminal comprising a memory, a processor and a computer program stored in the memory and executable on the processor, characterized in that the processor implements the method according to any of claims 1 to 6 when executing the computer program.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311415860.7A CN118094534A (en) | 2023-10-26 | 2023-10-26 | Mobile application system authority management and control method and device, storage medium and terminal |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202311415860.7A CN118094534A (en) | 2023-10-26 | 2023-10-26 | Mobile application system authority management and control method and device, storage medium and terminal |
Publications (1)
| Publication Number | Publication Date |
|---|---|
| CN118094534A true CN118094534A (en) | 2024-05-28 |
Family
ID=91153746
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202311415860.7A Pending CN118094534A (en) | 2023-10-26 | 2023-10-26 | Mobile application system authority management and control method and device, storage medium and terminal |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN118094534A (en) |
-
2023
- 2023-10-26 CN CN202311415860.7A patent/CN118094534A/en active Pending
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| WO2015096695A1 (en) | Installation control method, system and device for application program | |
| US8271608B2 (en) | System and method for a mobile cross-platform software system | |
| US9215548B2 (en) | Methods and systems for rating privacy risk of applications for smart phones and other mobile platforms | |
| US8677508B2 (en) | Confidential information leakage prevention system, confidential information leakage prevention method and confidential information leakage prevention program | |
| WO2015124018A1 (en) | Method and apparatus for application access based on intelligent terminal device | |
| US10311247B2 (en) | Method and system for isolating secure communication events from a non-secure application | |
| US10999329B2 (en) | Network access by applications in an enterprise managed device system | |
| JP2010182319A (en) | Application level access privilege to storage area on computer device | |
| US9852294B1 (en) | Systems and methods for detecting suspicious applications based on how entry-point functions are triggered | |
| CN108763951B (en) | Data protection method and device | |
| US9280674B2 (en) | Information processing apparatus and method of controlling same | |
| US20140230012A1 (en) | Systems, methods, and media for policy-based monitoring and controlling of applications | |
| CN104462997A (en) | Method, device and system for protecting work data in mobile terminal | |
| CN115221524B (en) | Service data protection method, device, equipment and storage medium | |
| CN109271792B (en) | Terminal peripheral control method and device based on Android local layer hook | |
| US20170255792A1 (en) | Method and apparatus for protecting privacy in consideration of application usage pattern | |
| CN110990873B (en) | Monitoring method for illegal operation, computer equipment and storage medium | |
| CN111783082A (en) | Process tracing method, device, terminal and computer readable storage medium | |
| CN118094534A (en) | Mobile application system authority management and control method and device, storage medium and terminal | |
| CN107392010B (en) | Root operation execution method and device, terminal equipment and storage medium | |
| US20240152640A1 (en) | Managing access to data stored on a terminal device | |
| CN109088854B (en) | Access method and device of shared application and readable storage medium | |
| CN109800580B (en) | Permission control method and device of system process, storage medium and computer equipment | |
| CN113836529A (en) | Process detection method, device, storage medium and computer equipment | |
| EP2645293A2 (en) | Method and apparatus for controlling operations performed by a mobile computing device |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination |