JP2013182500A - Api execution control device and program - Google Patents

Abstract

PROBLEM TO BE SOLVED: To provide an API execution control device and a program in which a user can control the operation of an application by grasping the operation of the application in advance.SOLUTION: An API execution part 11 detects the operation executed in API (Application Program Interface) by an application. When this operation is detected, a notification part 17 notifies its detection to a user. After notification is made to a user by the notification part 17, an execution control part 16 controls execution of the API on the basis of information inputted by the user.

Description

  The present invention relates to an API execution control device that controls execution of an application program interface (API) by an application. The present invention also relates to a program for causing a computer to function as the API execution control device.

  Portable information terminals called smartphones that use an open platform using a general-purpose OS (operating system) have become widespread. As a general-purpose OS installed in smartphones, Android (registered trademark), which has abundant APIs that are a set of instructions and functions for using information and functions managed by terminals, is attracting attention. . As an example, this specification describes a smartphone equipped with an Android (registered trademark) OS.

  A smartphone is a platform that allows anyone to freely develop and publish applications and allow users to freely install published applications. By introducing a published application to a smartphone, various functions of the smartphone can be expanded flexibly and easily.

  However, among applications, there is a malicious application (malware) that collects information in the terminal and transmits it to the outside so that the user does not notice it. In particular, an application that impersonates a legitimate application and performs such illegal behavior is called a Trojan horse, and it is difficult for the user to notice the threat.

  Smartphones are provided with APIs that control phones and cameras, and applications can make calls, SMS (Short Message Service) communications, and take pictures using the APIs. If these actions are secretly performed by a malicious application, self-charging or privacy leakage will occur.

  Smartphones are devices that have a closer connection with users than PCs (personal computers), and collect personal information such as phone numbers, email addresses, address books, email transmission / reception histories, and Internet browsing histories. In addition, because of the high functionality of the terminal and the mode of use that is always carried, it is possible to easily acquire information such as location information that was not collected by conventional PCs, and face the threat of misuse of information.

  In Android (registered trademark), function groups and information groups used by applications are defined as permissions. The permission is an authority relating to use of functions / information in the terminal capable of executing the application and change of settings. When installing an application, the user is notified (declared) of the permissions used by the application, and the user determines whether or not the application can be installed. After the application is installed, the application operates within a range permitted by the permission notified to the user at the time of installation. Such a mechanism that restricts the operation of the application based on the permission prevents an illegal operation of the application. Non-Patent Documents 1 to 3 describe that Android (registered trademark) is improved so that the user can change the permission used by the application during and after the installation of the application.

M.Nauman, S.Khan, and X.Zhang, “Apex: Extending Android Permission Model and Enforcement with User-defined Runtime Constraints”, 5th ACM Symposium on Information, Computer and Communications Security, pp 328-332,2010 M. Ongtang, S. McLaughlin, W. Enck, and P. McDaniel, “Semantically Rich Application-Centric Security in Android”, ieee: Annual Computer Security Applications Conference, pp 340-349, 2009 H.Banuri, M.Alam, S.Khan, J.Manzoor, B.Ali, Y.Khan, M.Yaseen, MNTahir, T.Ali and X.Zhaug, “Android Runtime Security Policy Enforcement Framework” The 2010 International Workshop on Smartphone Applications and Services, 2010

  However, with a mechanism that restricts the behavior of an application based on permissions, the user can determine when and how the application uses the permission that was approved at the time of application installation or the permission that was changed after the application was installed. There is a problem that we cannot know. At present, there is a problem that a malicious application that performs an illegal operation using a permitted permission has appeared. Once the user grants permission to install the application, the user is not notified even if the application performs an operation that requires permission. Therefore, it is difficult for the user to notice damage such as information leakage.

  Among malicious applications called malware, there is an application having a function called a Trojan horse. It is extremely difficult to detect malware when the malware uses the same permissions according to the original purpose and performs illegal operations in the background using the same permissions. For example, it is considered correct for an SMS client application to declare SEND_SMS, which is a permission for sending information to the outside. However, if the SMS client application behaves normally and sends information to the outside illegally in the background regardless of the user's intention, it is extremely difficult for the user to notice the information transmission. For this reason, a mechanism is needed that can grasp when and how an action that the user has not approved is executed by the application.

  In addition to the above problems, there are also problems caused by user's erroneous operations. For example, even if the user mistakenly presses a button for sending a message by SMS among the buttons displayed on the screen during the operation of the SMS client application, the message sending operation cannot be stopped. Therefore, from the viewpoint of usability, the user can confirm the operation that the application will perform before sending the message by SMS, etc., and the user can select whether to execute the operation. Will not occur.

  The present invention has been made in view of the above-described problems, and an object of the present invention is to provide an API execution control device and a program that allow a user to grasp the operation of an application in advance and control the operation of the application. To do.

  The present invention has been made to solve the above-described problem, and a detection unit that detects an operation of an application to execute an API (Application Program Interface), and notifies the user when the operation is detected. An API execution control, comprising: a notification unit that performs the control; and a control unit that controls the execution of the API based on information input by the user after the notification unit notifies the user Device.

  In addition, the API execution control device of the present invention includes a storage unit that stores control information indicating the control content of the API execution, and the control unit controls information input by the user after the notification unit notifies the user. A storage processing unit that stores the information in the storage unit as information, and the control unit controls execution of the API based on information input by the user after the notification unit notifies the user. When the operation is detected again, the execution of the API is controlled based on the control information stored in the storage unit.

  The API execution control device of the present invention further includes an information acquisition unit that acquires information on a method that executes the API when the operation is detected, and the storage processing unit is configured so that the notification unit notifies the user. After performing the notification, the information input by the user and the method information are associated with each other and stored in the storage unit as the control information. After the notification unit notifies the user, the control unit The execution of the API is controlled based on information input by a user, and the control information including the same information as the method information acquired by the information acquisition unit when the operation is detected again. The execution of the API is controlled based on the control information read from the storage unit.

  Further, in the API execution control device of the present invention, the control unit is configured such that after the notification unit notifies the user, only when the information input by the user indicates permission to execute the API, When execution is permitted and the operation is detected again, execution of the API is permitted only when the control information stored in the storage unit indicates permission to execute the API. To do.

  Further, in the API execution control device of the present invention, the control unit, when the information input by the user indicates that the dummy information is used after the notification unit notifies the user, As a result of the execution, the API is controlled to return the dummy information to the application, and the control information stored in the storage unit uses the dummy information when the operation is detected again. If indicated, the API is controlled so that the dummy information is returned to the application as a result of execution of the API.

  In the API execution control device of the present invention, the same UID (User ID) is given to the storage processing unit and the control unit.

  In the API execution control apparatus of the present invention, the application and the detection unit perform processing in the same process, and different UIDs (User IDs) are given to the application, the storage processing unit, and the control unit. The authority to access the control information stored in the storage unit is not given to the application, but is given to the storage processing unit and the control unit.

  In the API execution control device of the present invention, the control unit operates in the background while the application is operating.

  In the API execution control device of the present invention, the API is an API for acquiring information corresponding to a specified argument from a database, and the notification unit detects the operation and performs the operation. The user is notified when a predetermined argument is specified.

  In the API execution control device of the present invention, the notification unit is an application that operates on an OS having at least one of Activity, Service, BroadcastReceiver, and ContentProvider as a component of the application, and the Activity is a component. It is characterized by being an application.

  In addition, the present invention provides a detection unit that detects an operation in which an application attempts to execute an API (Application Program Interface), a notification unit that notifies a user when the operation is detected, and the notification unit includes a user Is a program for causing a computer to function as a control unit that controls the execution of the API based on information input by a user after notification.

  According to the present invention, when an operation of an application trying to execute an API is detected, the user is notified and the execution of the API is controlled based on information input by the user. It is possible to grasp the operation of the application in advance and control the operation of the application.

It is a block diagram which shows the structure of the terminal device by one Embodiment of this invention. FIG. 6 is a reference diagram showing a list of APIs to be hooked in an embodiment of the present invention. It is a flowchart which shows the procedure of operation | movement of the API execution part in one Embodiment of this invention. It is a flowchart which shows the procedure of operation | movement of the information acquisition part in one Embodiment of this invention. It is a flowchart which shows the procedure of the operation | movement of the security policy determination part in one Embodiment of this invention. It is a reference figure which shows the information of the condition where API is performed in one Embodiment of this invention. FIG. 5 is a reference diagram illustrating source code in which a method that calls an API is described in an embodiment of the present invention. FIG. 5 is a reference diagram illustrating source code in which a method that calls a method that calls an API is described in an embodiment of the present invention. It is a flowchart which shows the procedure of operation | movement of the socket production | generation part in one Embodiment of this invention. It is a flowchart which shows the procedure of operation | movement of the starting part in one Embodiment of this invention. It is a flowchart which shows the procedure of operation | movement of the notification part in one Embodiment of this invention. It is a reference figure showing the message displayed in one embodiment of the present invention. It is a flowchart which shows the procedure of operation | movement of the storage process part in one Embodiment of this invention. It is a flowchart which shows the procedure of operation | movement of the execution control part in one Embodiment of this invention. It is a reference figure which shows the argument of the database reference API in one Embodiment of this invention. It is a flowchart which shows the procedure of operation | movement of the API execution part in one Embodiment of this invention.

  Hereinafter, embodiments of the present invention will be described with reference to the drawings. In this specification and drawings, for convenience, the character string “android (registered trademark)” is substituted with the character string “* andrd *” and the character string “Android (registered trademark)” is substituted with the character string “* Andrd *” as necessary. , Java (registered trademark) is replaced with the character string * jv *. That is, the string * andrd * is equivalent to the string Android (registered trademark), the string * Andrd * is equivalent to the string Android (registered trademark), and the string * jv * is java It is equivalent to the character string (registered trademark).

  FIG. 1 shows a configuration of a terminal device according to an embodiment of the present invention. The terminal device of the present embodiment is configured as a device such as a smartphone in which Android (registered trademark) is mounted on the OS. As shown in FIG. 1, the terminal device includes an application 10, an API execution unit 11, an information acquisition unit 12, a security policy determination unit 13, a socket generation unit 14, an activation unit 15, an execution control unit 16, a notification unit 17, and a storage processing unit. 18, a storage unit 19, an input unit 20, a display unit 21, and a communication unit 22. The API execution unit 11, the information acquisition unit 12, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit 18 are examples of the API execution control device according to the present invention. An API execution control unit 30 is configured.

  The application 10 is an SMS client application or the like, and performs various processes defined as application processes. The API execution unit 11 executes the API 11a in response to a request from the application 10. The API 11a is an API (method) prepared by Android (registered trademark) which is an OS. The API execution unit 11 executes the API 11 a when receiving an execution request for the API 11 a from the application 10 and returns an execution result to the application 10.

  The information acquisition unit 12 acquires various types of information including information on a method for executing the API 11a when the application 10 calls and executes the API 11a. Information acquired by the information acquisition unit 12 is stored in the storage area of the security data SD in the storage unit 19 as context data CD. The security data SD is composed of a security policy SP (control information) and context data CD. The security policy SP is data including information indicating the control contents (executability and the like) of the API 11a for controlling the execution of the API 11a. The context data CD is data including information acquired by the information acquisition unit 12. The security data SD is stored in the storage unit 19 and is appropriately read from the storage unit 19 and referenced by the security policy determination unit 13, the activation unit 15, and the storage processing unit 18.

  The security policy determination unit 13 determines whether information related to the API 11a to be executed is registered in the security policy SP. When information is registered in the security policy SP, the security policy determination unit 13 gives the API execution unit 11 information based on the information registered in the security policy SP. If no information is registered in the security policy SP, the security policy determination unit 13 passes the processing to the socket generation unit 14.

  The socket generation unit 14 generates a socket SK for storing information input by the user via the input unit 20. The activation unit 15 activates the notification unit 17 and the storage processing unit 18 that are normally stopped. The execution control unit 16 controls the execution of the API 11 a based on information input by the user via the input unit 20. The notification unit 17 performs processing for notifying the user that the application 10 is about to execute the API 11a. The storage processing unit 18 performs processing for storing information input by the user via the input unit 20 in the security policy SP and the socket SK.

  The storage unit 19 includes a memory, and stores an OS program, application programs, various data used by the terminal device, and the like. The input unit 20 includes keys and buttons operated by the user, and notifies the storage processing unit 18 of information input by the user. The display unit 21 displays the result of processing by the notification unit 17 and the like. The communication unit 22 communicates with an external communication device. The application 10 performs communication via the communication unit 22 as necessary.

  The API execution unit 11, the information acquisition unit 12, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 operate in an application framework (AplicationFramework) layer provided by Android (registered trademark). The notification unit 17 and the storage processing unit 18 operate in the application layer. In the OS program of this embodiment, new code is added to the code defining the existing class provided by the application framework.

  Specifically, a code that defines the processing executed by the API execution unit 11 and the information acquisition unit 12 is added to the code of the class (TelephonyManager class or the like) that defines the API to be controlled in this embodiment. ing. In addition, a security policy determination unit 13 and a socket generation unit 14 for the PackageManagerService class code that manages installation and uninstallation of an application and determines whether or not an appropriate permission is granted to the application. A code for defining processing executed by each unit of the activation unit 15 and the execution control unit 16 is added. The notification unit 17 and the storage processing unit 18 are each configured as a part of an application, and the application program includes a code that defines the processing executed by the notification unit 17 and the storage processing unit 18.

  The OS program of the present embodiment and the application programs constituting the notification unit 17 and the storage processing unit 18 are recorded on a computer-readable recording medium, and the program recorded on the recording medium is stored in a computer (this embodiment). By executing the API execution unit 11, the information acquisition unit 12, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit. 18 executes processing defined for each unit.

  Here, the “computer” includes a homepage providing environment (or display environment) if the WWW system is used. The “computer-readable recording medium” refers to a storage device such as a portable medium such as a flexible disk, a magneto-optical disk, a ROM, and a CD-ROM, and a hard disk built in the computer. Further, the “computer-readable recording medium” refers to a volatile memory (RAM) in a computer system that becomes a server or a client when a program is transmitted via a network such as the Internet or a communication line such as a telephone line. In addition, those holding programs for a certain period of time are also included.

  The program described above may be transmitted from a computer storing the program in a storage device or the like to another computer via a transmission medium or by a transmission wave in the transmission medium. Here, the “transmission medium” for transmitting a program refers to a medium having a function of transmitting information, such as a network (communication network) such as the Internet or a communication line (communication line) such as a telephone line. Further, the above-described program may be for realizing a part of the above-described function. Furthermore, what can implement | achieve the function mentioned above in combination with the program already recorded on the computer, what is called a difference file (difference program) may be sufficient.

  In the present embodiment, in order to speed up the processing linked with the API execution unit 11 and the information acquisition unit 12 implemented in the application framework layer, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control Although the unit 16 is implemented in the application framework layer, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 can be configured as applications.

  The API execution control unit 30 having the above configuration notifies the user when the application 10 tries to execute the predetermined API 11a, and executes the API 11a based on information input by the user via the input unit 20. To control. As a result, the user can grasp the operation of the application in advance and control the operation of the application at the time of the operation requiring permission.

  Next, components (components) of an application that operates on Android (registered trademark) will be described. There are four application components that run on Android (registered trademark): Activity, Service, BroadcastReceiver, and ContentProvider. When a component inherited by a class is described in the application source code, a method defined in the class can use the component. Hereinafter, each component will be described.

  Activity is a component that provides a visual interface to the user and interacts with the user on the screen. If the screen is displayed when the application is started, the program described in Activity is running.

  Service is a component that executes processing in the background without having a function of displaying a screen. For example, when the user activates a browser while listening to music and enjoys using the Internet, the user can listen to the music while using the Internet by activating the service for the music application.

  BroadcastReceiver is a component that receives INTENT (intent) broadcast to the entire system of a terminal device on which Android (registered trademark) is installed. For example, an application that displays a screen that includes the message “Remaining battery level is low” when the battery level is low, receives the BroadcastIntent issued when the battery level changes by the BroadcastReceiver. The application starts Activity and displays the screen.

  ContentProvider is a component that makes it possible for other components to use data held by the application. For example, when an application wants to acquire phonebook data, the application acquires information registered in the phonebook using the ContentProvider of the phonebook application.

  The notification unit 17 and the storage processing unit 18 of this embodiment are configured by Activity. By using a method (API) of the AlertDialog class provided by the Android (registered trademark) application framework, a dialog called an alert dialog can be displayed easily. However, when the API execution unit 11 calls the method of the AlertDialog class to display the alert dialog when the application 10 tries to execute the API 11a, there are the following problems.

  In the specification of Android (registered trademark), when the application 10 is operated by Activity and the API 11a is called and executed, an alert dialog can be displayed. However, the application 10 is operated by Service and the API 11a is called. An alert dialog cannot be displayed when attempting to execute. In the present embodiment, the notification unit 17 configured by Activity having a screen display function performs screen display, so that even when the application 10 is operated by Service, the user can be notified.

  Next, the operation of the terminal device of this embodiment will be described. When the application 10 calls the API 11a, the API execution unit 11 detects that the API 11a has been called and intervenes in the execution of the API 11a (hooks the API 11a).

  FIG. 2 shows a list of APIs to be hooked. In the present embodiment, the TelephonyManager class, LocationManager class, PackageManagerService class, ContextImple class, SmsManager class, and ContentResolver class API are hooked. The API shown in FIG. 2 is an example, and the present invention is not limited to this. Although the API is a method, the method shown in FIG. 2 is described as an API in order to distinguish the method focused in this embodiment from other methods.

  The target of hook in the API of the TelephonyManager class is getDeviceId to obtain the IMEI (International Mobile Equipment Identity) which is the ID for identifying the device, getDeviceSoftwareVersion to obtain the application version of the device, and the phone number of the device getLine1Number, getSimSerialNumber that obtains the SIM (Subscriber Identity Module) serial number, and getSubscriberId that obtains IMSI (International Mobile Subscriber Identity), which is the SIM unique number.

  The target of hooking in the LocationManager class API is getLastKnownLocation, LocationListener, and requestLocationUpdates that acquire location information. The target of the hook in the API of the PackageManagerService class is CheckUidPermission that determines whether or not appropriate permission is granted to the application. The target of hooking in the API of the ContextImple class is getInstallPackages that acquires information indicating a list of applications installed in the terminal.

  The subject of hooking in the SmsManager class API is sendTextMessage that sends a message by SMS. The target of hooking in the API of the ContentResolver class is a Cursor that accesses a database in memory to obtain information.

  In this embodiment, each API of the TelephonyManager class and the LocationManager class is described as an information acquisition API, and CheckUidPermission of the PackageManagerService class is described as a permission determination API. In this embodiment, getInstallPackages of the ContextImple class is described as a list acquisition API, sendTextMessage of the SmsManager class is described as an external transmission API, and a Cursor of the ContentResolver class is described as a database reference API.

  In FIG. 1, only one API execution unit 11 and API 11a are depicted, but it is assumed that there are a plurality of sets (the same number as the above API) of API execution units 11 and APIs 11a. For example, when the application 10 calls the information acquisition API, the API execution unit 11 corresponding to the API 11a processes the API 11a that is the information acquisition API among the APIs 11a that are prepared, and the application 10 determines the permission. When the API is called, the API execution unit 11 corresponding to the API 11a performs processing regarding the execution of the API 11a which is the permission determination API among the plurality of APIs 11a prepared.

  When the application 10 calls a predetermined API 11a, the API execution unit 11 executes the processing shown in FIG. First, the API execution unit 11 instructs the information acquisition unit 12 to execute a process before executing the API 11a (step S100). Subsequently, the API execution unit 11 receives the processing result from the security policy determination unit 13 or the execution control unit 16, and controls the execution of the API 11a by executing a process according to the processing result (step S105). Details of the processing performed in step S105 will be described later. Subsequently, the API execution unit 11 returns an execution result to the application 10 (step S110).

  Receiving the instruction from the API execution unit 11, the information acquisition unit 12 executes the process shown in FIG. First, the information acquisition unit 12 executes the getPackageName method of the Context class to acquire the package name in order to identify the package name (package name) of the application 10 that has called the API 11a (step S200). In Android (registered trademark), applications are published in the form of package files. The package file is, for example, a file with an extension of .apk, an execution code including an instruction sequence (for example, the extension is .dex), a manifest file in which the authority used by the application is defined (for example, the extension is .xml), Includes image files used by the application (for example, the extension is .jpg).

  Subsequently, the information acquisition unit 12 executes the currentMillis method of the System class in order to analyze the situation in which the API 11a is executed, acquires the time when the API 11a is called, and the getStacktrace method of the Throwable class Is executed to obtain an array of the StackTraceElement class in which the class name, method name, file name, and line number are stored (step S205).

  The class name stored in the array acquired in step S205 is the name of the class that defines the method that called the API. The class name is obtained by executing the getClassName method of the StackTraceElement class. The method name stored in the array acquired in step S205 is the name of the method that called the API. The method name is obtained by executing the getMethodName method of the StackTraceElement class. The file name stored in the array acquired in step S205 is the name of the source file in which the code for executing the method that called the API is described. The file name is obtained by executing the getFileName method of the StackTraceElement class. The line number stored in the array acquired in step S205 is the line number in the source file in which the code for executing the method that called the API is described. The line number is obtained by executing the getLineNumber method of the StackTraceElement class.

  Each time a method is called, the method information is stored as a stack trace in a stack area (stack frame) in memory. Information such as the class name is acquired from the stack trace by each method such as the getClassName method described above.

  Subsequently, the information acquisition unit 12 instructs the security policy determination unit 13 to perform processing (step S210). At this time, the information acquisition unit 12 gives the information acquired in steps S200 and S205 to the security policy determination unit 13.

  Upon receiving the instruction from the information acquisition unit 12, the security policy determination unit 13 executes the process shown in FIG. First, the security policy determination unit 13 uses the information given from the information acquisition unit 12 (information acquired by the information acquisition unit 12 in steps S200 and S205) as the context data CD, and the storage area of the security data SD in the storage unit 19 (Step S300).

  FIG. 6 shows an example of information excluding the time when the API 11a is called out of the information acquired by the information acquisition unit 12 in step S205. In FIG. 6, for convenience, information of one method (API) is divided into four lines, and a line number is given to the head of each line. One information group is constituted by the information in units of four lines in FIG. An information group st [0] composed of information on the first to fourth lines includes information on the called API 11a. The character string “getDeviceId” following “getMethodName () =” on the fourth line indicates the method name of the API 11 a.

  An information group st [1] composed of information on the 5th to 8th lines includes information on a method that calls the API 11a (getDeviceId). The character string “jp.sample.app.Sample” following “getClassName () =” on the fifth line indicates the name (class name) of the class in which the method that calls the API 11 a is defined. The class name is shown as a combination of a package name and a class name. For example, “jp.sample.app” of “jp.sample.app.Sample” described in the fifth line is a package name, and “Sample” is a name of a single class. The character string “Sample. * Jv *” following “getFileName () =” on the sixth line is the name (file name) of the source file in which the code for executing the method calling the API 11 a is described. The number 27 following “getLineNumber () =” on the seventh line indicates the line number in the source file in which the code for executing the method calling the API 11 a is described. The character string “onCreate” following “getMethodName () =” on the eighth line indicates the name of the method (method name) that calls the API 11 a.

  The source file corresponding to the file name indicated by the information group st [1] is the source file of the application 10 that called the API 11a. That is, the information included in the information group st [1] is information on a method described in the source file of the application 10 that has called the API 11a.

  FIG. 7 shows an example of source code in which a method that calls the API 11a is described. This source code is a code described in a source file whose file name is “Sample. * Jv *” included in the information group st [1]. In this source code, the onCreate method ("onCreate" included in the information group st [1]) defined in the Sample class (corresponding to "jp.sample.app.Sample" included in the information group st [1]) The getDeviceId method (API 11a) indicated by the information group st [0] is called. The code for calling the getDeviceId method is described in the 27th line corresponding to the line number included in the information group st [1].

  The information group st [2] composed of information on the 9th to 12th lines in FIG. 6 includes information on a method that called the onCreate method indicated by the information group st [1]. The character string “* andrd * .app.ActivityThread” following “getClassName () =” on the ninth line indicates the name (class name) of the class in which the method that called the onCreate method is defined. “* Andrd * .app” of “* andrd * .app.ActivityThread” described in the ninth line is a package name, and “ActivityThread” is a name of a single class. The character string “ActivityThread. * Jv *” following “getFileName () =” on the 10th line is the name (file name) of the source file in which the code for executing the method that called the onCreate method is described. The number 1945 following “getLineNumber () =” on the eleventh line indicates the line number in the source file in which the code for executing the method that called the onCreate method is described. The character string “handleCreateService” following “getMethodName () =” on the 12th line indicates the name (method name) of the method that called the onCreate method.

  FIG. 8 shows an example of source code in which a method that calls the onCreate method is described. This source code is a code described in a source file whose file name is “ActivityThread. * Jv *” included in the information group st [2]. In this source code, the handleCreateService method (corresponding to “* andrd * .app.ActivityThread” included in the information group st [2]) defined in the activityThread class (“handleCreateService” included in the information group st [2]) The onCreate method indicated by the information group st [1] is called. The code for calling the onCreate method is described in the 1945th line corresponding to the line number included in the information group st [2].

  As described above, the information of the information group st [n + 1] includes information of a method that calls a method (API) indicated by the information group st [n] (n is an integer of 0 or more). The same applies to the information groups st [3] to st [7] in FIG. In FIG. 6, information such as a method that calls a method indicated by the information group st [7] is omitted. The combination of the information shown in FIG. 6, the time when the API 11a is called, and the package name acquired by the information acquisition unit 12 in step S200 is stored as context data CD.

  In this embodiment, each time the API 11a is called from the application 10, one context data CD is generated and stored. For example, when the second API is called after the first API is called, the context data CD related to the first API is generated and stored when the first API is called, and then the second API is called. When the API is called, context data CD relating to the second API is generated and stored.

  Each context data CD is distinguished by the time included in the context data CD. Alternatively, an ID such as a sequence number may be assigned to each context data CD, and each context data CD may be distinguished by the ID. Each context data CD includes information of a plurality of information groups (for example, information groups st [0], st [1], st [2]) among the above information groups. The context data CD includes identification information for identifying each information group (for example, a character string such as st [0]), and each information group is distinguished by this identification information.

  After saving the information given from the information acquisition unit 12 as context data CD, the security policy determination unit 13 reads the security policy SP from the storage area of the security data SD in the storage unit 19 (step S305). Subsequently, the security policy determination unit 13 determines whether information regarding the called API 11a is registered in the security policy SP (step S310).

  Registered in the security policy SP is a set of API 11a execution control information, package name, and class name, method name, and line number of the information group st [1] included in the context data CD. A plurality of sets of this set of information can be registered in the security policy SP as a registration unit. As will be described later, the storage processing unit 18 registers information for the security policy SP.

  The execution control information of the API 11a is information indicating either permission of API execution, rejection of API execution, or use of dummy information. The dummy information is false information that is returned to the application 10 when the information acquisition API is called by the application 10 as the API 11a. For example, when the API 11a for acquiring position information is called, information on a position different from the current position of the terminal device is returned to the application 10 as dummy information.

  A set in which a part of information given from the information acquisition unit 12 (package name, class name, method name, and line number of the information group St [1] included in the context data CD) is registered in the security policy SP. Information (package name, class name, method name, line number), information on the called API 11a is registered in the security policy SP. A part of the information given from the information acquisition unit 12 (package name, class name, method name, and line number of the information group St [1] included in the context data CD) is registered in the security policy SP. If none of the set of information (package name, class name, method name, line number) matches, the information about the called API 11a is not registered in the security policy SP.

  When the information regarding the called API 11a is registered in the security policy SP, the security policy determination unit 13 determines whether the execution control information registered in the security policy SP regarding the called API 11a indicates the use of dummy information. Is determined (step S315). When the execution control information indicates the use of dummy information, the security policy determination unit 13 gives the API execution unit 11 information indicating that the dummy information is used by the API 11a (step S320). The API execution unit 11 executes processing based on the information given from the security policy determination unit 13 (step S105 in FIG. 3). At this time, the API execution unit 11 acquires dummy information by executing an API that reads information from a predetermined location as a dummy information storage location, for example.

  If the execution control information does not indicate the use of dummy information, the security policy determination unit 13 determines whether or not the execution control information indicates that API execution is permitted (step S330). If the execution control information indicates that API execution is permitted, the security policy determination unit 13 provides the API execution unit 11 with information indicating that execution of the API 11a is permitted (step S335). The API execution unit 11 causes the API 11a to execute a process based on the information given from the security policy determination unit 13 (step S105 in FIG. 3).

  Further, when the execution control information does not indicate permission of API execution, the execution control information indicates rejection of API execution. In this case, the security policy determination unit 13 gives the API execution unit 11 information indicating that the execution of the API 11a is rejected (step S340). The API execution unit 11 stops the processing of the API 11a based on the information given from the security policy determination unit 13 (step S105 in FIG. 3).

  In step S310, when the information regarding the called API 11a is not registered in the security policy SP, the security policy determination unit 13 instructs the socket generation unit 14 to perform processing (step S325).

  In the security policy SP of this embodiment, not only the method name but also the package name, class name, and line number are associated with the execution control information. As a result, the API 11a, such as from which application the API 11a is called, from which method the API 11a is called from which method is defined, and from which position in the source file the API 11a is called The execution of the API 11a can be controlled in accordance with the detailed situation when is executed.

  Upon receiving an instruction from the security policy determination unit 13, the socket generation unit 14 executes the process shown in FIG. First, the socket generation unit 14 generates a socket SK for storing information input by the user via the input unit 20 (step S400). As an example, a Unix (registered trademark) domain socket can be generated by giving a String type name when initializing an instance of the LocalServerSocket class. The storage area of the storage unit 19 is used for the socket SK. The socket generation unit 14 that has generated the socket SK instructs the activation unit 15 to perform processing (step S405). At this time, the socket generation unit 14 notifies the activation unit 15 of address information for identifying the generated socket SK.

  Upon receiving the instruction from the socket generation unit 14, the activation unit 15 executes the process illustrated in FIG. First, the activation unit 15 reads the context data CD from the storage area of the security data SD in the storage unit 19 (step S500). The context data CD read at this time is the context data CD related to the API 11a that was called most recently (last). The context data CD having the latest time included in the context data CD is the context data CD related to the API 11a that has been called most recently. Alternatively, when a sequence number is assigned to each context data CD, the context data CD related to the API 11a that is called most recently may be identified from the sequence number.

  Subsequently, the activation unit 15 issues an Activity intent including the address information notified from the socket generation unit 14, and activates the notification unit 17 and the storage processing unit 18 (step S505). Since the intent for starting the notification unit 17 and the storage processing unit 18 includes the address information of the socket SK, the information can be efficiently notified to the notification unit 17 and the storage processing unit 18. Subsequently, the activation unit 15 instructs the execution control unit 16 to perform processing (step S510).

  The activated notification unit 17 executes the process shown in FIG. First, the notification unit 17 displays a message on the display unit 21 indicating that the API 11a is about to be executed (step S600). At this time, for example, a pop-up window is displayed, and a message is displayed in the pop-up window. Subsequently, the notification unit 17 instructs the storage processing unit 18 to perform processing (step S605).

  In order to explicitly notify the user of the type of the application 10 that is about to execute the API 11a and the type of the API 11a to be executed, information for identifying the application 10 or the API 11a may be included in the message. In this case, for example, the intent issued by the activation unit 15 includes the package name included in the context data CD and the method name of the information group St [0], and the package name and the method name are displayed together with the message.

  FIG. 12 shows an example of the displayed message. A window 210 is displayed on the screen of the display unit 21. In the window 210, a message including the package name (Maps) of the application 10 that is going to execute the API 11a and the method name (requestLocationUpdates) of the API 11a to be executed is displayed, and which application 10 is about to execute which API 11a. Is notified to the user.

  In the window 210, buttons 211 and 212 for the user to select permission / rejection of API execution are displayed. When the user operates the button 211 using the input unit 20, information indicating that API execution is permitted is input. When the user operates the button 212 using the input unit 20, the API execution is performed. Information indicating rejection is input. In FIG. 12, a button for selecting permission / rejection of use of dummy information is not displayed, but may be displayed.

  In the window 210, a check box 213 for the user to select whether or not to register the input information in the security policy SP is displayed. When the user checks the check box 213 using the input unit 20, the input information is registered in the security policy SP, and when the same API 11a is executed next, execution of the API 11a is controlled based on the security policy SP. Is done.

  Upon receipt of the instruction from the notification unit 17, the storage processing unit 18 executes the process shown in FIG. First, the storage processing unit 18 starts monitoring information input via the input unit 20 (step S700). After the message is displayed by the notification unit 17, the input unit 20 is operated by the user who has confirmed the message, and information indicating one of permission of API execution, rejection of API execution, and use of dummy information is input. . The storage processing unit 18 determines whether information is input by the user via the input unit 20 (step S705). If no information is input, the storage processing unit 18 repeats the determination in step S705.

  When the information is input, the storage processing unit 18 displays the execution control information that is input by the user and indicates one of API execution permission, API execution denial, and dummy information use. Is stored in the socket SK indicated by the address information notified by the intent issued by (step S710). Subsequently, the storage processing unit 18 determines whether or not to register information in the security policy SP (step S715).

  If an instruction to register information in the security policy SP has not been input by the user, the storage processing unit 18 ends the process. Further, when an instruction to register information in the security policy SP is input by the user, the storage processing unit 18 reads the context data CD related to the API 11a that has been called most recently from the storage area of the security data SD in the storage unit 19 ( Step S720). The storage processing unit 18 includes the package name, the class name, the method name, the line number of the information group st [1] among the information included in the read context data CD, and the API execution permission input by the user. The execution control information indicating either API rejection or dummy information usage is stored in the storage area of the security data SD in the storage unit 19 as the security policy SP (step S725). After completion of the above processing, the user notification unit 17 and the storage processing unit 18 stop operating.

  The execution control unit 16 that has received an instruction from the activation unit 15 executes the process shown in FIG. First, the execution control unit 16 starts monitoring the socket SK (step S800). Subsequently, the execution control unit 16 determines whether or not execution control information is stored in the socket SK (step S805). If the execution control information is not stored in the socket SK, the execution control unit 16 repeats the determination in step S805.

  If execution control information is stored in the socket SK, the execution control unit 16 reads the execution control information from the socket SK (step S810). Subsequently, the execution control unit 16 determines whether or not the execution control information read from the socket SK indicates use of dummy information (step S815). If the execution control information indicates the use of dummy information, the execution control unit 16 provides the API execution unit 11 with information indicating that the API 11a uses the dummy information (step S820). The API execution unit 11 executes processing based on the information given from the execution control unit 16 (step S105 in FIG. 3). At this time, the API execution unit 11 acquires dummy information by executing an API that reads information from a predetermined location as a dummy information storage location, for example.

  If the execution control information does not indicate use of dummy information, the execution control unit 16 determines whether or not the execution control information indicates permission to execute the API (step S825). If the execution control information indicates permission to execute the API, the execution control unit 16 provides the API execution unit 11 with information indicating that the execution of the API 11a is permitted (step S830). The API execution unit 11 causes the API 11a to execute a process based on the information given from the execution control unit 16 (step S105 in FIG. 3).

  Further, when the execution control information does not indicate permission of API execution, the execution control information indicates rejection of API execution. In this case, the execution control unit 16 gives the API execution unit 11 information indicating that the execution of the API 11a is rejected (step S835). The API execution unit 11 stops the processing of the API 11a based on the information given from the execution control unit 16 (step S105 in FIG. 3).

  As described above, the API execution control unit 30 notifies the user when the application 10 tries to execute the predetermined API 11a, and executes the API 11a based on information input by the user via the input unit 20. To control. As a result, the user can grasp the operation of the application in advance and control the operation of the application at the time of the operation requiring permission. Further, when a predetermined API 11a is called again by the same application 10, the API execution control unit 30 controls the execution of the API 11a based on the execution control information registered in the security policy SP. As a result, it is possible to omit the confirmation work that can be troublesome for the user.

  Next, among the elemental technologies used in the present embodiment, the contents of other elemental technologies not described above will be described.

  As described above, the code that defines the processing executed by the API execution unit 11 and the information acquisition unit 12 is added to the code of the class (TelephonyManager class or the like) that defines the API to be controlled in this embodiment. ing. The API execution unit 11 and the information acquisition unit 12 perform processing in the same process as the application 10 when the application 10 calls the API 11a.

  Further, as described above, the processing executed by the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 is defined for the code of the PackageManagerService class provided by the application framework. The code to be added has been added. Thereby, each part of the security policy determination part 13, the socket production | generation part 14, the starting part 15, and the execution control part 16 processes by the same process. Further, as described above, an application program including a code that defines processing executed by the notification unit 17 and the storage processing unit 18 is prepared. Thereby, the notification unit 17 and the storage processing unit 18 perform processing in the same process.

  In Android (registered trademark), an ID that is different for each process, usually called UID (User ID), is given to the process, and resources cannot be shared between processes with different UIDs. In order to share the security data SD, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit 18 are given the same UID. Process in the same process.

  In the present embodiment, in order to prevent the application 10 from directly accessing the security data SD and tampering with the contents of the security data SD, the process of the application 10, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, Different UIDs are given to the processes of the execution control unit 16, the notification unit 17, and the storage processing unit 18. Further, the process of the application 10 is not given permission to access the security data SD, and the security policy determination unit 13, socket generation unit 14, activation unit 15, execution control unit 16, notification unit 17, storage processing unit 18. This process is given permission to access the security data SD. As described above, the security of the security data SD can be improved.

  As a mechanism for giving the same UID as described above, there is a mechanism called sharedUserId. PackageManagerService class that realizes the functions of the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 when a package file of an application that realizes the functions of the notification unit 17 and the storage processing unit 18 is generated. The code of sharedUserId that uses the same UID as the UID used in this code is described in the manifest file included in the application source file.

  Next, after signing all the source files of the application using the same key (platform key) used when assembling (compiling) the code of the PackageManagerService class, assemble and generate a package file To do. Thereby, the same UID as the UID given to the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 can be given to the notification unit 17 and the storage processing unit 18. Therefore, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit 18 can perform processing in the same process and share the security data SD. Also, the socket SK can be shared.

  In the present embodiment, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 operate in the background after the terminal device is activated. Therefore, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 are operating in the background even while the application 10 is operating.

  When information related to the API 11a called by the application 10 is registered in the security policy SP, the execution of the API 11a is controlled based on the execution control information registered in the security policy SP without confirmation by the user. The This shortens the time during which the processing by the application 10 is interrupted and improves the processing speed. Further, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 operate in the background, so that the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 Since the time required for activation can be omitted, the processing speed is further improved.

  Next, an example in which the above control is applied to each API to be controlled in this embodiment will be described.

(1) Application to information acquisition API Conventionally, there is a problem that an operation of an application using information cannot be completely controlled by permission. For example, READ_PHONE_STATE, which is a permission for acquiring information in the terminal, restricts access to various information such as IMEI, telephone number, and IMSI. For users, it is afraid that their phone number is known to the application developer, so access to the phone number is not allowed, but access to IMEI may be allowed. However, in the mechanism that restricts the operation of the application based on the permission, there is no mechanism for individually controlling access to each piece of information. In addition, access to information such as a list of installed applications is not limited by permissions, and there is information that cannot be controlled. By individually applying the control described in the present embodiment to each information acquisition API such as getDeviceId that is an API for acquiring IMEI, the use can be limited for each information stored in the terminal.

(2) Application to permission determination API When an application executes an API that requires permission for execution, the OS determines whether or not the application has appropriate permission. Specifically, CheckUidPermission, which is a permission determination API, is executed to determine whether or not the application has appropriate permissions. By applying the control described in this embodiment to CheckUidPermission, the user can control the operation of an application that requires permission.

(3) Application to List Acquisition API There is no permission restriction on getInstallPackages, which is an API that acquires information indicating a list of applications installed in the terminal. In this way, when it is desired to restrict the execution of an API that is not restricted by permissions, the control described in the present embodiment may be applied. By applying the control described in this embodiment to getInstallPackages, the user can control the operation in which the application acquires information indicating a list of applications installed in the terminal.

(4) Application to external transmission API By applying the control described in this embodiment to sendTextMessage, which is an external transmission API, the SMS client application behaves normally, regardless of the user's intention. Even when information is illegally transmitted to the outside in the background, the user can know that an operation that may lead to information leakage is being performed. Even if the user accidentally presses the button to send a message, a message for confirming whether or not to perform the transmission operation is displayed. Therefore, if the user makes an erroneous operation, the transmission operation is canceled. can do.

(5) Application to database reference API Information such as a phone book (address book) and a call history is managed in a database called a content provider. When acquiring information from a content provider, an application specifies information called URI indicating an access destination in the database (a position in the database accessed by the database reference API) as an argument of Cursor that is a database reference API. The argument varies depending on the information of the access destination.

  FIG. 15 shows an example of an argument of Cursor. com. * andrd * .contactcontacts is an argument specified when accessing the phone book. call_log is an argument specified when accessing the call history. browser is an argument specified when accessing the bookmark. sms is an argument specified when accessing the SMS message body. com. * andrd * .calendar is an argument that is specified when accessing the calendar. By applying the control described in this embodiment for each argument specified by Cursor, the use can be limited for each information stored in the database.

  FIG. 16 shows the operation of the API execution unit 11 corresponding to the Cursor. First, the API execution unit 11 confirms the content of information specified as an argument of Cursor (step S900). Subsequently, the API execution unit 11 determines whether or not the designated argument is com. * Andrd * .contactcontacts, that is, whether or not access to the telephone directory is requested (step S905). If the specified argument is com. * Andrd * .contactcontacts, the process proceeds to step S910.

  If the specified argument is not com. * Andrd * .contactcontacts, the API execution unit 11 determines whether the specified argument is call_log, that is, whether access to the call history is requested. (Step S925). If the specified argument is call_log, the process proceeds to step S910.

  If the specified argument is not call_log, the API execution unit 11 determines whether the specified argument is a browser, that is, whether access to the bookmark is requested (step S930). If the specified argument is browser, the process proceeds to step S910.

  If the designated argument is not a browser, the API execution unit 11 determines whether the designated argument is sms, that is, whether access to the text of the SMS message is requested (step S935). ). If the specified argument is sms, the process proceeds to step S910.

  If the specified argument is not sms, the API execution unit 11 determines whether the specified argument is com. * Andrd * .contactcontacts, that is, whether access to the calendar is requested. (Step S940). If the specified argument is com. * Andrd * .contactcontacts, the process proceeds to step S910. If the designated argument is not com. * Andrd * .contactcontacts, the process proceeds to step S945.

  When the process proceeds to step S910, the API execution unit 11 instructs the information acquisition unit 12 to execute the process before executing the API 11a (step S910). Subsequently, the API execution unit 11 receives the processing result from the security policy determination unit 13 or the execution control unit 16, and controls the execution of the API 11a by executing a process according to the processing result (step S915). Subsequently, the API execution unit 11 returns an execution result to the application 10 (step S920).

  When the process proceeds to step S945, the API execution unit 11 causes the API 11a to execute the process (step S945). Subsequently, the API execution unit 11 returns an execution result to the application 10 (step S920).

  As described above, according to the present embodiment, when an operation that an application tries to execute an API is detected, the user is notified, and the execution of the API is controlled based on information input by the user. Is done. As a result, the user can grasp the operation of the application in advance and control the operation of the application.

  Further, API execution is controlled based on execution control information registered in the security policy SP. Accordingly, it is possible to prevent frequent confirmation work that may be troublesome for the user.

  The same UID is given to the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit 18. Accordingly, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit 18 can perform processing in the same process and share the security data SD.

  Different UIDs are assigned to the application 10, the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit 18. In addition, the process of the application 10 is not given authority to access the security data SD, and the security policy determination unit 13, the socket generation unit 14, the activation unit 15, the execution control unit 16, the notification unit 17, and the storage processing unit The process 18 is given the authority (permission) to access the security data SD. As a result, the application 10 can be prevented from accessing the security data SD.

  In addition, the processing speed is improved by the security policy determination unit 13, the socket generation unit 14, the activation unit 15, and the execution control unit 16 operating in the background.

  Further, by controlling the execution of the API according to the argument of the database reference API, it is possible to restrict the use for each piece of information stored in the database.

  Further, the notification unit 17 configured by Activity notifies the user, so that the user can be notified even when the application 10 is operated by Service.

  In addition, since the address information of the socket SK is included in the intent issued by the activation unit 15 to activate the notification unit 17 and the storage processing unit 18, the information is efficiently notified to the notification unit 17 and the storage processing unit 18. be able to.

  As described above, the embodiments of the present invention have been described in detail with reference to the drawings. However, the specific configuration is not limited to the above-described embodiments, and includes design changes and the like without departing from the gist of the present invention. .

  DESCRIPTION OF SYMBOLS 10 ... Application, 11 ... API execution part (detection part), 12 ... Information acquisition part, 13 ... Security policy determination part, 14 ... Socket generation part, 15 ... Starting part, 16 ... execution control unit (control unit), 17 ... notification unit, 18 ... storage processing unit, 19 ... storage unit, 20 ... input unit, 21 ... display unit, 22. ..Communication unit, 30 ... API execution control unit

Claims (11)

A detection unit that detects an operation of an application to execute an API (Application Program Interface);
A notification unit for notifying a user when the operation is detected;
After the notification unit notifies the user, based on information input by the user, a control unit that controls execution of the API;
An API execution control device comprising: A storage unit for storing control information indicating control contents of execution of the API;
A storage processing unit that stores information input by the user as the control information in the storage unit after the notification unit notifies the user;
The control unit controls execution of the API based on information input by the user after the notification unit notifies the user, and is stored in the storage unit when the operation is detected again. The API execution control apparatus according to claim 1, wherein execution of the API is controlled based on the control information. When the operation is detected, further comprising an information acquisition unit for acquiring information of a method for executing the API,
The storage processing unit stores the information input by the user after the notification unit notifies the user and the method information in the storage unit as the control information,
The control unit controls execution of the API based on information input by the user after the notification unit notifies the user, and is acquired by the information acquisition unit when the operation is detected again. The API execution according to claim 2, wherein the control information including the same information as the method information is read from the storage unit, and the execution of the API is controlled based on the read control information. Control device.   After the notification unit notifies the user, the control unit permits execution of the API only when information input by the user indicates permission to execute the API, and the operation is detected again. 3. The API execution control device according to claim 2, wherein, when the control information stored in the storage unit indicates permission to execute the API, the API execution control device is permitted. .   When the information input by the user indicates that the dummy information is used after the notification unit notifies the user, the control unit displays the dummy information as the execution result of the API. If the control information stored in the storage unit indicates that dummy information is used when the API is controlled to be returned to and the operation is detected again, the execution result of the API The API execution control apparatus according to claim 2, wherein the API is controlled so that the dummy information is returned to the application.   The API execution control device according to any one of claims 2 to 5, wherein the same UID (User ID) is given to the storage processing unit and the control unit. The application and the detection unit perform processing in the same process,
Different UID (User ID) is given to the application and the storage processing unit and the control unit,
The API according to claim 6, wherein an authority to access the control information stored in the storage unit is not given to the application, but is given to the storage processing unit and the control unit. Execution control device.   The API execution control apparatus according to any one of claims 2 to 7, wherein the control unit is operating in the background during the operation of the application. The API is an API for acquiring information corresponding to a specified argument from a database,
The said notification part notifies a user when the said operation | movement is detected and the predetermined | prescribed argument is designated at the time of the said operation | movement. API execution control device described in 1.   The notification unit is an application that operates on an OS having at least one of Activity, Service, BroadcastReceiver, and ContentProvider as a component of an application, and is an application having the Activity as a component. The API execution control device according to any one of claims 1 to 9. A detection unit that detects an operation of an application to execute an API (Application Program Interface);
A notification unit for notifying a user when the operation is detected;
After the notification unit notifies the user, based on information input by the user, a control unit that controls execution of the API;
As a program to make the computer function as.

Images