WO2015081834A1 - Method and apparatus for distinguishing software types - Google Patents

Method and apparatus for distinguishing software types Download PDF

Info

Publication number
WO2015081834A1
WO2015081834A1 PCT/CN2014/092755 CN2014092755W WO2015081834A1 WO 2015081834 A1 WO2015081834 A1 WO 2015081834A1 CN 2014092755 W CN2014092755 W CN 2014092755W WO 2015081834 A1 WO2015081834 A1 WO 2015081834A1
Authority
WO
WIPO (PCT)
Prior art keywords
software
application
integrated
listing
integrated software
Prior art date
Application number
PCT/CN2014/092755
Other languages
French (fr)
Inventor
Zefeng HUANG
Original Assignee
Tencent Technology (Shenzhen) Company Limited
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Tencent Technology (Shenzhen) Company Limited filed Critical Tencent Technology (Shenzhen) Company Limited
Publication of WO2015081834A1 publication Critical patent/WO2015081834A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00Arrangements for software engineering
    • G06F8/60Software deployment

Definitions

  • the present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for distinguishing software types.
  • Software is an interface between a user and hardware. The user communicates with a computer mainly through software. Software is an important basis for computer system design. Generally, software is classified into system application software and user-installed software; or classified into deletable software and undeletable software.
  • the user-installed software refers to a software package installed by a user, which is generally installed under a /data/app directory, and because deleting the software does not affect whether a device can be used, the software can be deleted.
  • the system application software is an indispensible part of an operating system, and because deleting the software may cause a certain important function to be unavailable, or even lead to breakdown of the entire system, the software is generally undeletable ( “undeletable” means that deletion has unintended consequences to the user regarding normal usage of the device) .
  • the system application software is generally saved in a /system/app directory
  • the /system/app directory may generally include the system application software, and software developed by a manufacturer or a Read-Only Memory (Rom) developer for enriching system functions; such software is called built-in application software.
  • Rom Read-Only Memory
  • Built-in application software software of such a type is also saved in the /system/app directory, and includes various types of software built in by a manufacturer or a Rom developer for a certain purpose before leaving the factory or during Rom integration; the software may be undesired by a user, occupies space when existing in the system, and slows down the running speed of the system. The user can delete the software in the case of having permission, and deletion of the software may not affect stability of the system.
  • a system classifies software into two large classes, namely, user-installed software and system-integrated software, a package of user-installed software is saved under a /data/app directory, and the user can delete the package freely; a package of system-integrated software is saved under a /system/app directory, the user has no permission to delete the software, and if the user wants to delete the software, the user must obtain a Root (superuser) permission.
  • the system-integrated software may also be classified into system application software and (manufacturer or operator) built-in application software, it is very difficult for the user to distinguish such two small classes at present, in order to maintain cleaning of the system, some user, when obtaining the permission, may mistakenly delete some important system application software and cause a certain function to be unavailable, or even cause breakdown of the entire system.
  • a method of distinguishing software types is performed at a device (e.g., device 100, Figure 1) with one or more processors and memory.
  • the method includes: obtaining a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device; for each software application in the listing of system-integrated software applications for software type determination, determining whether the system-integrated software application is system application software or built-in application software; and presenting a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software.
  • a computing device e.g., device 100 ( Figure 1) or a component thereof (e.g., software manager 126, Figure 1) ) includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein.
  • a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a computing device (e.g., device 100 ( Figure 1) or a component thereof (e.g., software manager 126, Figure 1) ) with one or more processors, cause the computing device to perform, or control performance of, the operations of any of the methods described herein.
  • a computing device e.g., device 100 ( Figure 1) or a component thereof (e.g., software manager 126, Figure 1)
  • Figure 1 is a block diagram of an exemplary user device in accordance with some embodiments.
  • Figure 2 is a flowchart of a method for distinguishing software types in accordance with some embodiments.
  • Figure 3 is a flowchart of a method for distinguishing software types in accordance with some embodiments.
  • Figure 4 is a flow chart of a method for distinguishing software types in accordance with some embodiments.
  • Figure 5 is a schematic structural diagram of an apparatus in accordance with some embodiments.
  • FIG. 1 is a block diagram illustrating a representative user device 100 in accordance with some embodiments.
  • User device 100 typically, includes one or more processing units (CPUs) 102, one or more network interfaces 104, memory 106, and one or more communication buses 108 for interconnecting these components (sometimes called a chipset) .
  • User device 100 also includes a user interface 110.
  • User interface 110 includes one or more output devices 112 that enable presentation of media content, including one or more speakers and/or one or more visual displays.
  • User interface 110 also includes one or more input devices 114, including user interface components that facilitate user input such as a keyboard, a mouse, a voice-command input unit or microphone, a touch screen display, a touch-sensitive input pad, a gesture capturing camera, or other input buttons or controls. Furthermore, some user devices 102 use a microphone and voice recognition or a camera and gesture recognition to supplement or replace the keyboard.
  • Memory 106 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices. Memory 106, optionally, includes one or more storage devices remotely located from one or more processing units 102. Memory 106, or alternatively the non-volatile memory within memory 106, includes a non-transitory computer readable storage medium.
  • memory 106 stores the following programs, modules, and data structures, or a subset or superset thereof:
  • operating system 116 including procedures for handling various basic system services and for performing hardware dependent tasks
  • o network communication module 118 for connecting user device 100 to other computing devices (e.g., a test server and web servers for webpages) connected to one or more networks via one or more network interfaces 104 (wired or wireless) ;
  • computing devices e.g., a test server and web servers for webpages
  • network interfaces 104 wireless or wireless
  • o presentation module 120 for enabling presentation of information (e.g., a user interface for application (s) 126, widgets, websites and webpages thereof, and/or games, audio and/or video content, text, etc. ) at user device 100 via one or more output devices 112 (e.g., displays, speakers, etc. ) associated with user interface 110;
  • information e.g., a user interface for application (s) 126, widgets, websites and webpages thereof, and/or games, audio and/or video content, text, etc.
  • output devices 112 e.g., displays, speakers, etc.
  • o input processing module 122 for detecting one or more user inputs or interactions from one of the one or more input devices 114 and interpreting the detected input or interaction;
  • one or more applications 126 for execution by user device 100 (e.g., games, application marketplaces, payment platforms, and/or other web or non-web based applications) ;
  • the software manager 126 which provides data processing and functionalities for scanning software applications installed on the user device 100, distinguishing the software types of the identified software applications, and providing a user interface for removing non-essential, deletable/pre-installed software from the user device without harming the essential functions of the user device.
  • the software manager includes one or more of, but not limited to the following sub-modules:
  • ⁇ scanning module 128 to identify software installed on the user device
  • ⁇ characteristic collection module 130 to gather pertinent characteristic information associated with each identified software installed on the user device
  • ⁇ software type determination module 132 to determine the software types of identified software installed on the user device based on a plurality of determination criteria
  • ⁇ user interface module 134 for providing user interfaces to receive input and provide suggestions to a user regarding the nature and removability of identified software types, and receive instruction to remove one or more of the identified deletable/built-in software applications;
  • ⁇ software removal module 136 for removing selected deletable/built-in software applications in accordance with user instruction.
  • Each of the above identified elements may be stored in one or more of the previously mentioned memory devices, and corresponds to a set of instructions for performing a function described above.
  • the above identified modules or programs i.e., sets of instructions
  • memory 106 optionally, stores a subset of the modules and data structures identified above.
  • memory 106 optionally, stores additional modules and data structures not described above.
  • the display is a touch screen (sometimes also herein called a “touch screen display” ) enabled to receive one or more contacts and display information (e.g., media content, websites and webpages thereof, and/or user interfaces for application (s) 126) .
  • a touch screen sometimes also herein called a “touch screen display”
  • contacts and display information e.g., media content, websites and webpages thereof, and/or user interfaces for application (s) 126) .
  • Figure 2 is a flowchart of a method for distinguishing software types in accordance with some embodiments. The method includes the following steps:
  • the method determines whether the system-integrated software is of the type “deletable software” or the type “undeletable software. ” In some embodiments, before the acquiring the package name of the system-integrated software to be confirmed, the method includes: determining whether a user identification (UID) value of the acquired system-integrated software to be confirmed is less than 10000, and acquiring the package name of the system-integrated software to be confirmed if the UID value is less than 10000.
  • UID user identification
  • the method includes identifying all of the multiple system-integrated software packages that have UIDs less than 10000, and acquiring the package names of those system-integrated software packages that have UIDs less than 10000.
  • the software can be classified as deletable built-in software.
  • the method includes another pre-screening condition to improve accuracy of built-in software identification.
  • the pre-screening condition includes: before determining whether the UID value of the acquired system-integrated software is less than 10000, acquiring a signature of the system-integrated software; and determining whether the signature of the system-integrated software belongs to a predetermined system application publisher; and determining, in the acquired system-integrated software to be confirmed, whether the UID value of the system-integrated software whose signature does not belong to the predetermined system application publisher is less than 10000.
  • the predetermined system application publisher can be used to confirm different system application publishers according to different operating systems. Because operating systems all have their developers and publishers, the developer and publisher corresponding to the operating system serve as the predetermined system application publisher.
  • the code signature certificate provides such an ideal solution for software developers that the software developers can make digital signatures on software codes. Identifying software sources and true identity of the software developers through digital signatures on the codes ensures that the codes are not maliciously tampered with after being signed. The users, when downloading a piece of software code that has been signed, can effectively verify credibility of the code.
  • code signatures The basis of code signatures is a Public Key Infrastructure (PKI) security system.
  • a code signature certificate includes two parts, namely, a signature certificate private key and a public key certificate.
  • a private key is used for code signature
  • a public key is used for authentication of private key signatures and identity identification of certificate holders.
  • An implementation principle of functions of the code signature certificate is as follows.
  • a publisher applies for a digital certificate from a Certificate Authority (CA) institution.
  • CA Certificate Authority
  • the publisher develops a piece of software code; by means of a code signature tool, the publisher generates a hash value of the code by using a Message Digest Algorithm 5 (MD5) or a Secure Hash Algorithm (SHA) algorithm, and signs the hash value by using the private key of the code signature certificate, thereby generating a software package including the code signature and the signature certificate of the software publisher.
  • MD5 Message Digest Algorithm 5
  • SHA Secure Hash Algorithm
  • a user's operating environment accesses the software package, and checks validity of the code signature digital certificate of the software publisher. Because a public key of a root certificate has been embedded into a trusted root certificate store of the user's operating environment, the operating environment can authenticate authenticity of the code signature digital certificate of the publisher.
  • the user's operating environment uses the public key included in the code signature digital certificate to decrypt the signed hash value.
  • the user's operating environment newly generates a hash value of a primary code by using the same algorithm.
  • the user's operating environment compares the two hash values. If they are the same, a notification is issued to state that the code has passed the authentication. Therefore, the user can believe that the code is indeed issued by a certificate owner and has not been tampered with.
  • the whole process is completely transparent to the user, and the user can see prompt information of the software publisher and can select whether to trust the software publisher. After the user chooses to trust the software publisher, the user may not receive any prompt information any longer when running all programs signed by the software publisher.
  • another pre-screening condition to improve accuracy of built-in software identification is provided, which may be specifically as follows: before the determining whether the signature of the system-integrated software to be confirmed belongs to a predetermined system application publisher, the method further includes: (1) determining whether the total number of currently installed software packages with the same signature as the system-integrated software to be confirmed reaches a predetermined threshold; and (2) in accordance with a determination that the total number does not reached the predetermined threshold, determining, in the system-integrated software to be confirmed, whether the signature of the system-integrated software to be confirmed belongs to the predetermined system application publisher.
  • the threshold can be determined artificially, and generally, a specific value is determined according to the type of a current system, the number of system application software of the current system and the like (for example, the value can be set as 30 in an Android system) .
  • the value can be determined according to different operating systems, and therefore, persons skilled in the art can determine the value accordingly.
  • another pre-screening condition to improve accuracy of built-in software identification may be specifically as follows: before determining whether the total number of currently installed software packages with the same signature in the system-integrated software to be confirmed reaches a predetermined threshold, the method further includes: acquiring software installed under a system software file directory as the system-integrated software to be confirmed.
  • the above embodiment performs the first screening through software installation directories, and can quickly distinguish user-installed software; in this way, the speed of software identification can be improved.
  • the device operating system is an Android operating system
  • a path of the system-integrated software packages is /system/app
  • a path of the user-installed software packages is /data/app
  • the two paths being installation directories based on an android system.
  • paths of the system-integrated software and the user-installed software may be different.
  • names of various software installation directories can also be changed. Therefore, the above example should not be understood as a limit to the present disclosure.
  • system-integrated software to be confirmed does not correspond to the package name of the system software package extracted from the system Rom, identifying the system-integrated software to be confirmed as built-in application software. In other words, the system-integrated software to be confirmed is determined to be deletable software.
  • the above embodiment queries to see whether the package name of the system-integrated software to be confirmed corresponds to that of a system software package extracted from a system Rom, so as to identify the system-integrated software whose package name does not correspond to that of the system software package as built-in application software, thereby implementing software type identification of the built-in application software.
  • the built-in application software can be identified accurately, so as to provide convenience for securely meeting the user demands for maintaining cleaning of the system (e. g. , by deleting the built-in application software) and securely meeting the user demands for improving the running speed of the system or the like.
  • a method for confirming system application software may be specifically as follows:
  • the method includes confirming the subset of system-integrated software that has not been confirmed to be built-in application software as system application software. In other words, if a piece of system-integrated software is not identified as built-in application software based on the above process, that piece of system-integrated software is identified as system application software, and thus, undeletable software.
  • the system application software is confirmed after built-in software is identified, and in fact, the system application software can be confirmed in the process of identifying the built-in software.
  • the various screening conditions such as, (1) the UID value of the system-integrated software to be confirmed is less than 10000, (2) the signature of the system-integrated software to be confirmed belongs to the predetermined system application publisher, and (3) the total number of currently installed software packages with the same signature as the system-integrated software to be confirmed reaches the predetermined threshold, can confirm the software as system application software.
  • the confirmation order described above needs not be the only possible confirmation order. Other ordering of the various screening conditions is possible in accordance with various embodiments.
  • the following embodiment will take distinguishing of software types in a mobile phone installed with an Android (a mobile phone operating system) system as an example for detailed description.
  • Android a mobile phone operating system
  • the Android system is merely one of numerous types of system software, in fact, the system software has many types, and the system software is not merely limited to mobile phone system software, and the solution presented herein is also applicable to other operating systems of other devices.
  • a method for distinguishing software types include the following:
  • 301 Identify user-installed software and system-integrated application software from all software packages currently installed on the device.
  • the identification method in this step may be according to installation directories.
  • all software installed in the Adroid operating system (as a representative mobile phone operating system) is classified into system-integrated software and user-installed software according to installation paths (or software installation information) of software packages, where a path of system-integrated software packages is /system/app, and a path of user-installed software packages is/data/app.
  • the user-installed software can be excluded from further distinguishing processes discussed below. The user is free to delete the user-installed software from the /data/app directory, once the user-installed software is identified based on directory information.
  • a path of the system-integrated software packages is /system/app
  • a path of the user-installed software packages is /data/app.
  • paths of the system-integrated software and the user-installed software may be different.
  • Names of various software installation directories can also be changed.
  • the directories names for the system-integrated software and user installed software are provided to the software manager in advance before the directory names are used to perform the software type identification.
  • the software manager goes to the Internet to retrieve the directory names/paths based on the operating system of the device.
  • the software manager prompts the user to enter the names/paths of the user-installed software, and system-integrated software, if such paths have been renamed by the user in the past.
  • identifying the system application software within the list of software includes: the total number of software packages with the same signature is determined, and if the number reaches a certain threshold (for example, 30) or more, the software packages with the same signature can be regarded as system application software and can be added to a list of system application software. Other software can be regarded as system-integrated software to be confirmed with additional screen steps.
  • software packages that belong to a set of software packages sharing a common signature are identified as system application software, if the total number of packages sharing the common signature is large, e.g., exceeds a predetermined threshold. Software packages that do not belong to such large sets are less likely to be system application software, and, therefore, need to go through additional screening to be confirmed as system application software.
  • step 302 among the remaining system-integrated software to be confirmed, determine whether a signature of each of the system-integrated software to be confirmed belongs to a predetermined system application publisher. If yes, determine that the system-integrated software to be confirmed is system application software; otherwise, include the software as system-integrated software to be confirmed for further screening.
  • step 303 may be specifically as follows: in a list of remaining software classified according to signature information in the step 302, it is queried to see whether corresponding signatures belong to particular system application publishers, e.g., Google (the publisher of the Android operating system) or the manufacturers of one or more hardware components of the device.
  • the software manager extracts the names of organizations in the signature information of the software to be confirmed, so as to determine whether the software is system application software.
  • step 303 In the remaining system-integrated software to be confirmed after the step 303, determine whether a UID value of the software is less than 10000. If yes, confirm that the software is system application software; otherwise, the software is included as system-integrated software to be confirmed by a further screening step.
  • a UID of each piece of software in a corresponding signed software set is less than 10000, and if yes, the software of the software set is also classified into the system application software. For example, if five pieces of software in the list of remaining software packages to be confirmed share a common signature, and the UID of each of the five pieces of software are all below the predetermined value (e.g., 10000) , all five pieces of software are determined to be system application software. Otherwise, the five pieces of software are all included for further screening.
  • step 304 after step 304, among the remaining system-integrated software to be confirmed, determine system-integrated software that do not correspond to a package name of a system software package extracted from a system Rom as built-in application software.
  • this step includes, in a list of remaining software classified according to signature information in the step 304, it is queried to see whether a package name of each piece of software corresponds to a system software application, and if yes, the piece of software is determined to be system application software and excluded from further screening.
  • a list of the system software applications are obtained by extracting the names of system software packages from an android system native Rom.
  • built-in application software (corresponding to the manufacturer or operator) is left, and such software can be deleted, which may not affect the stability of the system.
  • system application software can be identified, and for further distinguishing, the software can be distinguished as being risky when being deleted and being undeletable.
  • UID numbers of undeletable system application software are all less than 10000.
  • the user can accurately distinguish deletable built-in application software, so as to maintain cleaning of the system.
  • the user may also know the degree of risk after the software is deleted.
  • Figure 4 is a flowchart of an exemplary method for distinguishing software types.
  • the method can be performed at a device (e.g., device 100 in Figure 1) having one or more processors and memory.
  • the memory stores instructions for performing the operations described herein.
  • the method is performed by a component of the device, such as the software manager 126 of the device 100.
  • the method includes: at a device having one or more processors and memory: obtaining (402) a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device.
  • the listing of system-integrated software applications for software type determination are obtained by going through one or more of the screening steps described above.
  • the listing of system-integrated software applications includes all applications residing in the system application directory (e.g., /system/app) .
  • the listing is trimmed down by performing one or more of the additional screening steps described above, e.g., the screening based on UID, signature, package name, etc.
  • to obtain the listing of system-integrated software applications for software type determination further includes: receiving a user instruction to optimize the device; in response to receiving the user instruction to optimize the device, identifying a plurality of system-integrated software applications from one or more predetermined system application directories of the device (e.g., /system/app) ; and for each of the identified plurality of system-integrated software applications: determining a respective past execution pattern of the identified system-integrated software application; and in accordance with a determination of whether the respective past execution pattern meets one or more predetermined low risk patterns, including the identified system-integrated software application in the listing of system-integrated software applications for software type determination.
  • predetermined system application directories of the device e.g., /system/app
  • the one or more predetermined low risk patterns include at least one of: the software has never been executed on the device, the software has not been executed for at least a threshold period of time, and the software has only been executed by the user and never by the operating system.
  • the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application meets the one or more predetermined low risk patterns.
  • the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system- integrated software application does not meet the one or more predetermined low risk patterns. The choice between the above two approaches depend on whether it is more important to be accurate or to be less risky in terms of identifying built-in applications for deletion.
  • the method further includes: for each software application in the listing of system-integrated software applications for software type determination, determining (404) whether the system-integrated software application is system application software or built-in application software. The determination can be based on any combinations of the screening techniques described in the present disclosure or other screening techniques known or not known at the present time.
  • the method further includes: presenting (406) a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software. This provides a convenient way of cleaning the system and rid of non-essential built-in application software that the user does not really need.
  • the method further includes: detecting a user instruction for deleting a respective piece of system application software identified from the listing of system-integrated software applications; and in response to detecting the user instruction for deleting the respective piece of system application software, providing a warning to a user regarding the deletion.
  • the method further includes: identifying a plurality of screening conditions for identifying system application software, wherein determining whether each system-integrated software application in the listing of system-integrated software applications is system application software or built-in application software further includes: applying two or more of the plurality of screening conditions in parallel on the system-integrated software application; and identifying the system-integrated software application as system application software if the two or more screening conditions are all passed by the system-integrated software application. This is a more risky way of identifying built-in application software, and allowing more applications to be deletable by the user.
  • the method includes identifying the system-integrated software application as system application software if at least a threshold number of the two or more screening conditions are all passed by the system-integrated software application.
  • an apparatus for distinguishing software types includes: a package name acquisition unit 501, for acquiring a package name of a system-integrated software to be confirmed; a query unit 502, for querying to see whether the package name of the system-integrated software to be confirmed as acquired by the package name acquisition unit 501 corresponds to that of a system software package extracted from a system Rom; and a built-in software confirmation unit 503, for determining the system-integrated software not corresponding to the package name of the system software package extracted from the system Rom as built-in application software.
  • the above embodiment queries to see whether the package name of the system-integrated software to be confirmed corresponds to that of a system software package extracted from a system Rom, so as to confirm that the system-integrated software whose package name does not correspond to that of the system software package as built-in application software, which achieves the goal of distinguishing the software type of the system-integrated software, and accurately identifying the built-in application software, so as to provide convenience for securely meeting the user demands for maintaining cleaning of the system and securely meeting the user demands for improving the running speed of the system or the like.
  • the apparatus further includes: a value determination and acquisition unit 501.
  • the value determination and acquisition unit 501 determines whether a UID value of the acquired system-integrated software to be confirmed is less than 10000.
  • the package name acquisition unit 501 is used for acquiring a package name of the system-integrated software to be confirmed if the UID value is less than 10000 in the system-integrated software to be confirmed. Because software whose UID value is less than 10000 can generally be deleted, the software can be classified as system-integrated software to be confirmed by further screening.
  • the apparatus further includes: a signature acquisition unit 505, for acquiring a signature of the system-integrated software to be confirmed; and a publisher determination unit 506, for determining whether the signature of the system-integrated software to be confirmed belongs to a predetermined system application publisher before the value determination and acquisition unit 504 determines whether a UID value of the acquired system-integrated software to be confirmed is less than 10000.
  • the value determination and acquisition unit 504 is used for determining, in the acquired system-integrated software to be confirmed, whether the UID value of the system-integrated software whose signature does not belong to the predetermined system application publisher is less than 10000.
  • the predetermined system application publisher can confirm different system application publishers according to different operating systems. Because operating systems all have their developers and publishers, the developer and publisher corresponding to the operating system serve as the predetermined system application publisher.
  • the apparatus further includes: a number determination unit 507, for, before the publisher determination unit 506 determines whether the signature of the system-integrated software to be confirmed belongs to a predetermined system application publisher, determining whether the number of a set of software with the same signature in the system-integrated software to be confirmed reaches a predetermined threshold.
  • the publisher determination unit 506 is used for determining, in the system-integrated software to be confirmed, whether the signature of the system-integrated software to be confirmed for which the number of a set of software with the same signature does not reach the predetermined threshold belongs to the predetermined system application publisher.
  • the threshold can be determined artificially, and generally, a specific value is determined according to the type of a current system, the number of system application software of the current system and the like, for example, the value can be set as 30 in an Android system.
  • the value can be determined according to different operating systems, and therefore, persons skilled in the art can determine the value accordingly, which is not limited in the embodiment of the present invention.
  • the apparatus further includes: a software acquisition unit 508, for, before the number determination unit 507 determines whether the number of a set of software with the same signature in the system-integrated software to be confirmed reaches a predetermined threshold, acquiring software installed under a system software file directory as the system-integrated software to be confirmed.
  • the above embodiment performs first screening according to software installation directories, and can quickly distinguish user-installed software; in this way, the speed of software identification can be improved.
  • the two paths are installation directories based on an android system, for other operating systems, paths of the system-integrated software and the user-installed software may be different, besides, even if it is an android system, names of various software installation directories can also be changed; therefore, the above example should not be understood as a limit for the present disclosure.
  • the apparatus further includes: a system confirmation unit 509, for, after the built-in confirmation unit 503 determines the built-in application software, confirming system-integrated software to be confirmed other than the built-in application software in the system-integrated software to be confirmed as system application software.
  • the system application software is confirmed after built-in software is identified, and in fact, the system application software can be confirmed in the process of identifying the built-in software, for example, the various screening conditions of this embodiment, that is, the UID value of the system-integrated software to be confirmed is less than 10000, the signature of the system-integrated software to be confirmed belongs to the predetermined system application publisher, and the number of a set of software with the same signature in the system-integrated software to be confirmed reaches the predetermined threshold, can confirm the software as system application software. Therefore, a confirmation order in this embodiment is not a unique confirmation order of the embodiment of the present invention.
  • stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

Method and Apparatus for distinguishing software types are disclosed. The method includes: at a device having one or more processors and memory: obtaining a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device; for each software application in the listing of system-integrated software applications for software type determination, determining whether the system-integrated software application is system application software or built-in application software; and presenting a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software.

Description

METHOD AND APPARATUS FOR DISTINGUISHING SOFTWARE TYPES
PRIORITY CLAIM AND RELATED APPLICATION
This application claims priority to Chinese Patent Application No. 201310634586.2, entitled “Method and Apparatus for Distinguishing Software Types, ” filed on December 2, 2013, which is incorporated by reference in its entirety.
FIELD OF THE TECHNOLOGY
The present disclosure relates to the field of computer technologies, and in particular, to a method and apparatus for distinguishing software types.
BACKGROUND
Software is an interface between a user and hardware. The user communicates with a computer mainly through software. Software is an important basis for computer system design. Generally, software is classified into system application software and user-installed software; or classified into deletable software and undeletable software.
The user-installed software refers to a software package installed by a user, which is generally installed under a /data/app directory, and because deleting the software does not affect whether a device can be used, the software can be deleted. The system application software is an indispensible part of an operating system, and because deleting the software may cause a certain important function to be unavailable, or even lead to breakdown of the entire system, the software is generally undeletable ( “undeletable” means that deletion has unintended consequences to the user regarding normal usage of the device) . The system application software is generally saved in a /system/app directory, the /system/app directory may generally include the system application software, and software developed by a manufacturer or a Read-Only Memory (Rom) developer for enriching system functions; such software is called built-in application software.
Built-in application software: software of such a type is also saved in the /system/app directory, and includes various types of software built in by a manufacturer or a Rom developer for a certain purpose before leaving the factory or during Rom integration; the software may be undesired  by a user, occupies space when existing in the system, and slows down the running speed of the system. The user can delete the software in the case of having permission, and deletion of the software may not affect stability of the system.
SUMMARY
Currently, many mobile phone terminal channels may build in application software and then sell mobile phones to consumers with the built-in application software. If consumers need to delete the built-in application software, they may encounter the following problem: the built-in application software and the system application software cannot be distinguished easily by the user, and unloading of the system application software accidentally may crash the mobile phones.
Based on the foregoing introduction, a system classifies software into two large classes, namely, user-installed software  and system-integrated software, a package of user-installed software is saved under a /data/app directory, and the user can delete the package freely; a package of system-integrated software is saved under a /system/app directory, the user has no permission to delete the software, and if the user wants to delete the software, the user must obtain a Root (superuser) permission. The system-integrated software may also be classified into system application software and (manufacturer or operator) built-in application software, it is very difficult for the user to distinguish such two small classes at present, in order to maintain cleaning of the system, some user, when obtaining the permission, may mistakenly delete some important system application software and cause a certain function to be unavailable, or even cause breakdown of the entire system.
Based on the foregoing description, it can be found that, if software types are merely distinguished according to software installation directories, built-in application software and system application software cannot be distinguished. Therefore, unwanted built-in application software cannot be accurately deleted, user demands for maintaining cleaning of the system cannot be securely met, and user demands for improving the running speed of the system cannot be securely met.
To address the issues identified above, in some embodiments, a method of distinguishing software types is performed at a device (e.g., device 100, Figure 1) with one or more processors and memory. The method includes: obtaining a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device; for each software  application in the listing of system-integrated software applications for software type determination, determining whether the system-integrated software application is system application software or built-in application software; and presenting a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software.
In some embodiments, a computing device (e.g., device 100 (Figure 1) or a component thereof (e.g., software manager 126, Figure 1) ) includes one or more processors and memory storing one or more programs for execution by the one or more processors, the one or more programs include instructions for performing, or controlling performance of, the operations of any of the methods described herein. In some embodiments, a non-transitory computer readable storage medium storing one or more programs, the one or more programs comprising instructions, which, when executed by a computing device (e.g., device 100 (Figure 1) or a component thereof (e.g., software manager 126, Figure 1) ) with one or more processors, cause the computing device to perform, or control performance of, the operations of any of the methods described herein. In some embodiments, a computing device (e.g., device 100 (Figure 1) or a component thereof (e.g., software manager 126, Figure 1) ) includes means for performing, or controlling performance of, the operations of any of the methods described herein.
Various advantages of the present application are apparent in light of the descriptions below.
BRIEF DESCRIPTION OF THE DRAWINGS
The aforementioned features and advantages of the invention as well as additional features and advantages thereof will be more clearly understood hereinafter as a result of a detailed description of preferred embodiments when taken in conjunction with the drawings.
To illustrate the technical solutions according to the embodiments of the present invention more clearly, the accompanying drawings for describing the embodiments are introduced briefly in the following. Apparently, the accompanying drawings in the following description are merely some embodiments of the present invention; persons of ordinary skill in the art may obtain other drawings according to the accompanying drawings without paying any creative efforts.
Figure 1 is a block diagram of an exemplary user device in accordance with some embodiments.
Figure 2 is a flowchart of a method for distinguishing software types in accordance with some embodiments.
Figure 3 is a flowchart of a method for distinguishing software types in accordance with some embodiments.
Figure 4 is a flow chart of a method for distinguishing software types in accordance with some embodiments.
Figure 5 is a schematic structural diagram of an apparatus in accordance with some embodiments.
Like reference numerals refer to corresponding parts throughout the several views of the drawings.
DESCRIPTION OF EMBODIMENTS
Reference will now be made in detail to embodiments, examples of which are illustrated in the accompanying drawings. In the following detailed description, numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one skilled in the art that the subject matter may be practiced without these specific details. In other instances, well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
Figure 1 is a block diagram illustrating a representative user device 100 in accordance with some embodiments. User device 100, typically, includes one or more processing units (CPUs) 102, one or more network interfaces 104, memory 106, and one or more communication buses 108 for interconnecting these components (sometimes called a chipset) . User device 100 also includes a user interface 110. User interface 110 includes one or more output devices 112 that enable presentation of media content, including one or more speakers and/or one or more visual displays. User interface 110 also includes one or more input devices 114, including user interface components that facilitate user input such as a keyboard, a mouse, a voice-command input unit or microphone, a touch screen display, a touch-sensitive input pad, a gesture capturing camera, or other input buttons or controls. Furthermore, some user devices 102 use a microphone and voice recognition or a camera and gesture recognition to supplement or replace the keyboard. Memory 106 includes high-speed random access memory, such as DRAM, SRAM, DDR RAM, or other random access solid state  memory devices; and, optionally, includes non-volatile memory, such as one or more magnetic disk storage devices, one or more optical disk storage devices, one or more flash memory devices, or one or more other non-volatile solid state storage devices. Memory 106, optionally, includes one or more storage devices remotely located from one or more processing units 102. Memory 106, or alternatively the non-volatile memory within memory 106, includes a non-transitory computer readable storage medium.
In some implementations, memory 106, or the non-transitory computer readable storage medium of memory 106, stores the following programs, modules, and data structures, or a subset or superset thereof:
o operating system 116 including procedures for handling various basic system services and for performing hardware dependent tasks;
network communication module 118 for connecting user device 100 to other computing devices (e.g., a test server and web servers for webpages) connected to one or more networks via one or more network interfaces 104 (wired or wireless) ;
presentation module 120 for enabling presentation of information (e.g., a user interface for application (s) 126, widgets, websites and webpages thereof, and/or games, audio and/or video content, text, etc. ) at user device 100 via one or more output devices 112 (e.g., displays, speakers, etc. ) associated with user interface 110;
input processing module 122 for detecting one or more user inputs or interactions from one of the one or more input devices 114 and interpreting the detected input or interaction;
o one or more applications 126 for execution by user device 100 (e.g., games, application marketplaces, payment platforms, and/or other web or non-web based applications) ;
software manager 126, which provides data processing and functionalities for scanning software applications installed on the user device 100, distinguishing the software types of the identified software applications, and providing a user interface for removing non-essential, deletable/pre-installed software from the user device without harming the essential functions of the user device. The software manager includes one or more of, but not limited to the following sub-modules:
· scanning module 128 to identify software installed on the user device;
· characteristic collection module 130 to gather pertinent characteristic information associated with each identified software installed on the user device;
· software type determination module 132 to determine the software types of identified software installed on the user device based on a plurality of determination criteria;
· user interface module 134 for providing user interfaces to receive input and provide suggestions to a user regarding the nature and removability of identified software types, and receive instruction to remove one or more of the identified deletable/built-in software applications; and
· software removal module 136 for removing selected deletable/built-in software applications in accordance with user instruction.
Each of the above identified elements may be stored in one or more of the previously mentioned memory devices, and corresponds to a set of instructions for performing a function described above. The above identified modules or programs (i.e., sets of instructions) need not be implemented as separate software programs, procedures, modules or data structures, and thus various subsets of these modules may be combined or otherwise re-arranged in various implementations. In some implementations, memory 106, optionally, stores a subset of the modules and data structures identified above. Furthermore, memory 106, optionally, stores additional modules and data structures not described above.
Attention is now directed towards embodiments of user interfaces and associated processes that may be implemented on a user device 100 with zero or more speakers, zero or more microphones, and a display. For example, the display is a touch screen (sometimes also herein called a “touch screen display” ) enabled to receive one or more contacts and display information (e.g., media content, websites and webpages thereof, and/or user interfaces for application (s) 126) .
Figure 2 is a flowchart of a method for distinguishing software types in accordance with some embodiments. The method includes the following steps:
201: Acquire a package name of system-integrated software to be confirmed.
In some embodiments, in order to achieve risk management on software deletion, the method determines whether the system-integrated software is of the type “deletable software” or the  type “undeletable software. ” In some embodiments, before the acquiring the package name of the system-integrated software to be confirmed, the method includes: determining whether a user identification (UID) value of the acquired system-integrated software to be confirmed is less than 10000, and acquiring the package name of the system-integrated software to be confirmed if the UID value is less than 10000. In general, there are multiple system-integrated software packages installed on the user device, and the method includes identifying all of the multiple system-integrated software packages that have UIDs less than 10000, and acquiring the package names of those system-integrated software packages that have UIDs less than 10000.
Because software whose UID value is less than 10000 can generally be deleted without harming the device’s operation, the software can be classified as deletable built-in software.
Further, in some embodiments, the method includes another pre-screening condition to improve accuracy of built-in software identification. The pre-screening condition includes: before determining whether the UID value of the acquired system-integrated software is less than 10000, acquiring a signature of the system-integrated software; and determining whether the signature of the system-integrated software belongs to a predetermined system application publisher; and determining, in the acquired system-integrated software to be confirmed, whether the UID value of the system-integrated software whose signature does not belong to the predetermined system application publisher is less than 10000.
The predetermined system application publisher can be used to confirm different system application publishers according to different operating systems. Because operating systems all have their developers and publishers, the developer and publisher corresponding to the operating system serve as the predetermined system application publisher.
The reason why a software signature (code signature certificate) is used as a condition for distinguishing is introduced as follows.
The code signature certificate provides such an ideal solution for software developers that the software developers can make digital signatures on software codes. Identifying software sources and true identity of the software developers through digital signatures on the codes ensures that the codes are not maliciously tampered with after being signed. The users, when downloading a piece of software code that has been signed, can effectively verify credibility of the code.
The basis of code signatures is a Public Key Infrastructure (PKI) security system. A code signature certificate includes two parts, namely, a signature certificate private key and a public key certificate. A private key is used for code signature, and a public key is used for authentication of private key signatures and identity identification of certificate holders. An implementation principle of functions of the code signature certificate is as follows.
1. A publisher applies for a digital certificate from a Certificate Authority (CA) institution.
2. The publisher develops a piece of software code; by means of a code signature tool, the publisher generates a hash value of the code by using a Message Digest Algorithm 5 (MD5) or a Secure Hash Algorithm (SHA) algorithm, and signs the hash value by using the private key of the code signature certificate, thereby generating a software package including the code signature and the signature certificate of the software publisher.
3. A user's operating environment accesses the software package, and checks validity of the code signature digital certificate of the software publisher. Because a public key of a root certificate has been embedded into a trusted root certificate store of the user's operating environment, the operating environment can authenticate authenticity of the code signature digital certificate of the publisher.
4. The user's operating environment uses the public key included in the code signature digital certificate to decrypt the signed hash value.
5. The user's operating environment newly generates a hash value of a primary code by using the same algorithm.
6. The user's operating environment compares the two hash values. If they are the same, a notification is issued to state that the code has passed the authentication. Therefore, the user can believe that the code is indeed issued by a certificate owner and has not been tampered with.
The whole process is completely transparent to the user, and the user can see prompt information of the software publisher and can select whether to trust the software publisher. After the user chooses to trust the software publisher, the user may not receive any prompt information any longer when running all programs signed by the software publisher.
Further, in some embodiments, another pre-screening condition to improve accuracy of built-in software identification is provided, which may be specifically as follows: before the determining whether the signature of the system-integrated software to be confirmed belongs to a predetermined system application publisher, the method further includes: (1) determining whether the total number of currently installed software packages with the same signature as the system-integrated software to be confirmed reaches a predetermined threshold; and (2) in accordance with a determination that the total number does not reached the predetermined threshold, determining, in the system-integrated software to be confirmed, whether the signature of the system-integrated software to be confirmed belongs to the predetermined system application publisher.
In some embodiments, the threshold can be determined artificially, and generally, a specific value is determined according to the type of a current system, the number of system application software of the current system and the like (for example, the value can be set as 30 in an Android system) . The value can be determined according to different operating systems, and therefore, persons skilled in the art can determine the value accordingly.
Further, in some embodiments, another pre-screening condition to improve accuracy of built-in software identification may be specifically as follows: before determining whether the total number of currently installed software packages with the same signature in the system-integrated software to be confirmed reaches a predetermined threshold, the method further includes: acquiring software installed under a system software file directory as the system-integrated software to be confirmed. The above embodiment performs the first screening through software installation directories, and can quickly distinguish user-installed software; in this way, the speed of software identification can be improved.
In the above example, if the device operating system is an Android operating system, a path of the system-integrated software packages is /system/app, and a path of the user-installed software packages is /data/app, the two paths being installation directories based on an android system. For other operating systems, paths of the system-integrated software and the user-installed software may be different. Besides, even for an Android system, names of various software installation directories can also be changed. Therefore, the above example should not be understood as a limit to the present disclosure.
202: Query to see whether the package name of the system-integrated software to be confirmed corresponds to that of a system software package extracted from a system Rom.
203: In accordance with a determination that the system-integrated software to be confirmed does not correspond to the package name of the system software package extracted from the system Rom, identifying the system-integrated software to be confirmed as built-in application software. In other words, the system-integrated software to be confirmed is determined to be deletable software.
The above embodiment queries to see whether the package name of the system-integrated software to be confirmed corresponds to that of a system software package extracted from a system Rom, so as to identify the system-integrated software whose package name does not correspond to that of the system software package as built-in application software, thereby implementing software type identification of the built-in application software. Moreover, the built-in application software can be identified accurately, so as to provide convenience for securely meeting the user demands for maintaining cleaning of the system (e. g. , by deleting the built-in application software) and securely meeting the user demands for improving the running speed of the system or the like.
Further, in some embodiments, a method for confirming system application software may be specifically as follows:
In some embodiments, after step 203 is performed and the system-integrated software is determined to be built-in application software, the method includes confirming the subset of system-integrated software that has not been confirmed to be built-in application software as system application software. In other words, if a piece of system-integrated software is not identified as built-in application software based on the above process, that piece of system-integrated software is identified as system application software, and thus, undeletable software.
In this embodiment, the system application software is confirmed after built-in software is identified, and in fact, the system application software can be confirmed in the process of identifying the built-in software. For example, the various screening conditions, such as, (1) the UID value of the system-integrated software to be confirmed is less than 10000, (2) the signature of the system-integrated software to be confirmed belongs to the predetermined system application publisher, and (3) the total number of currently installed software packages with the same signature as the system-integrated software to be confirmed reaches the predetermined threshold, can confirm the software as system application software. The confirmation order described above needs not be the only possible confirmation order. Other ordering of the various screening conditions is possible in accordance with various embodiments.
The following embodiment will take distinguishing of software types in a mobile phone installed with an Android (a mobile phone operating system) system as an example for detailed description. It should be noted that, the Android system is merely one of numerous types of system software, in fact, the system software has many types, and the system software is not merely limited to mobile phone system software, and the solution presented herein is also applicable to other operating systems of other devices.
As shown in Figure 3, in some embodiments, a method for distinguishing software types include the following:
301: Identify user-installed software and system-integrated application software from all software packages currently installed on the device.
The identification method in this step may be according to installation directories. In some embodiments, first, all software installed in the Adroid operating system (as a representative mobile phone operating system) is classified into system-integrated software and user-installed software according to installation paths (or software installation information) of software packages, where a path of system-integrated software packages is /system/app, and a path of user-installed software packages is/data/app. In this case, the user-installed software can be excluded from further distinguishing processes discussed below. The user is free to delete the user-installed software from the /data/app directory, once the user-installed software is identified based on directory information.
In the above example, for an Android operating system, a path of the system-integrated software packages is /system/app, and a path of the user-installed software packages is /data/app. For other operating systems, paths of the system-integrated software and the user-installed software may be different. Names of various software installation directories can also be changed. In some embodiments, the directories names for the system-integrated software and user installed software are provided to the software manager in advance before the directory names are used to perform the software type identification. In some embodiments, the software manager goes to the Internet to retrieve the directory names/paths based on the operating system of the device. In some embodiments, the software manager prompts the user to enter the names/paths of the user-installed software, and system-integrated software, if such paths have been renamed by the user in the past.
302: Sort the system-integrated software according to classification of signatures, so as to obtain a list of software sorted according to the classification of signatures; and identify the system application software from among the system-integrated software.
In some embodiment, identifying the system application software within the list of software includes: the total number of software packages with the same signature is determined, and if the number reaches a certain threshold (for example, 30) or more, the software packages with the same signature can be regarded as system application software and can be added to a list of system application software. Other software can be regarded as system-integrated software to be confirmed with additional screen steps. In this step, software packages that belong to a set of software packages sharing a common signature are identified as system application software, if the total number of packages sharing the common signature is large, e.g., exceeds a predetermined threshold. Software packages that do not belong to such large sets are less likely to be system application software, and, therefore, need to go through additional screening to be confirmed as system application software.
303: After step 302, among the remaining system-integrated software to be confirmed, determine whether a signature of each of the system-integrated software to be confirmed belongs to a predetermined system application publisher. If yes, determine that the system-integrated software to be confirmed is system application software; otherwise, include the software as system-integrated software to be confirmed for further screening.
In some embodiments, step 303 may be specifically as follows: in a list of remaining software classified according to signature information in the step 302, it is queried to see whether corresponding signatures belong to particular system application publishers, e.g., Google (the publisher of the Android operating system) or the manufacturers of one or more hardware components of the device. In some embodiments, the software manager extracts the names of organizations in the signature information of the software to be confirmed, so as to determine whether the software is system application software.
In some embodiments, it can be actually considered that if any of the remaining software has not been classified as system application software at this point, it is built-in application software. In some embodiments, accuracy still needs to be improved; besides, whether the remaining software can be deleted still cannot be fully determined, and thus the following step of determining a UID value can be further performed.
304: In the remaining system-integrated software to be confirmed after the step 303, determine whether a UID value of the software is less than 10000. If yes, confirm that the software is system application software; otherwise, the software is included as system-integrated software to be confirmed by a further screening step.
In some embodiments, in a list of remaining software classified according to signature information in the step 303, it is queried to see whether a UID of each piece of software in a corresponding signed software set is less than 10000, and if yes, the software of the software set is also classified into the system application software. For example, if five pieces of software in the list of remaining software packages to be confirmed share a common signature, and the UID of each of the five pieces of software are all below the predetermined value (e.g., 10000) , all five pieces of software are determined to be system application software. Otherwise, the five pieces of software are all included for further screening.
305: after step 304, among the remaining system-integrated software to be confirmed, determine system-integrated software that do not correspond to a package name of a system software package extracted from a system Rom as built-in application software.
In some embodiments, this step includes, in a list of remaining software classified according to signature information in the step 304, it is queried to see whether a package name of each piece of software corresponds to a system software application, and if yes, the piece of software is determined to be system application software and excluded from further screening. A list of the system software applications are obtained by extracting the names of system software packages from an android system native Rom.
306. Provide a prompt about the built-in software that still remains.
Through the screening solution of the above embodiment, built-in application software (corresponding to the manufacturer or operator) is left, and such software can be deleted, which may not affect the stability of the system. Through the screening solution of the above embodiment, system application software can be identified, and for further distinguishing, the software can be distinguished as being risky when being deleted and being undeletable. UID numbers of undeletable system application software are all less than 10000.
Through the above embodiment, the user can accurately distinguish deletable built-in application software, so as to maintain cleaning of the system. In addition, when deleting system application software, the user may also know the degree of risk after the software is deleted.
Figure 4 is a flowchart of an exemplary method for distinguishing software types. The method can be performed at a device (e.g., device 100 in Figure 1) having one or more processors and memory. The memory stores instructions for performing the operations described  herein. In some embodiments, the method is performed by a component of the device, such as the software manager 126 of the device 100.
In some embodiments, the method includes: at a device having one or more processors and memory: obtaining (402) a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device.
In some embodiments, the listing of system-integrated software applications for software type determination are obtained by going through one or more of the screening steps described above. For example, in some embodiments, the listing of system-integrated software applications includes all applications residing in the system application directory (e.g., /system/app) . In some embodiments, the listing is trimmed down by performing one or more of the additional screening steps described above, e.g., the screening based on UID, signature, package name, etc. In some embodiments, to obtain the listing of system-integrated software applications for software type determination further includes: receiving a user instruction to optimize the device; in response to receiving the user instruction to optimize the device, identifying a plurality of system-integrated software applications from one or more predetermined system application directories of the device (e.g., /system/app) ; and for each of the identified plurality of system-integrated software applications: determining a respective past execution pattern of the identified system-integrated software application; and in accordance with a determination of whether the respective past execution pattern meets one or more predetermined low risk patterns, including the identified system-integrated software application in the listing of system-integrated software applications for software type determination.
In some embodiments, the one or more predetermined low risk patterns include at least one of: the software has never been executed on the device, the software has not been executed for at least a threshold period of time, and the software has only been executed by the user and never by the operating system. In some embodiments, the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application meets the one or more predetermined low risk patterns. Alternatively, in some embodiments, the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system- integrated software application does not meet the one or more predetermined low risk patterns. The choice between the above two approaches depend on whether it is more important to be accurate or to be less risky in terms of identifying built-in applications for deletion.
In some embodiments, the method further includes: for each software application in the listing of system-integrated software applications for software type determination, determining (404) whether the system-integrated software application is system application software or built-in application software. The determination can be based on any combinations of the screening techniques described in the present disclosure or other screening techniques known or not known at the present time.
In some embodiments, the method further includes: presenting (406) a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software. This provides a convenient way of cleaning the system and rid of non-essential built-in application software that the user does not really need.
In some embodiments, the method further includes: detecting a user instruction for deleting a respective piece of system application software identified from the listing of system-integrated software applications; and in response to detecting the user instruction for deleting the respective piece of system application software, providing a warning to a user regarding the deletion.
In some embodiments, the method further includes: identifying a plurality of screening conditions for identifying system application software, wherein determining whether each system-integrated software application in the listing of system-integrated software applications is system application software or built-in application software further includes: applying two or more of the plurality of screening conditions in parallel on the system-integrated software application; and identifying the system-integrated software application as system application software if the two or more screening conditions are all passed by the system-integrated software application. This is a more risky way of identifying built-in application software, and allowing more applications to be deletable by the user. Alternatively, the method includes identifying the system-integrated software application as system application software if at least a threshold number of the two or more screening conditions are all passed by the system-integrated software application.
The method described with respect to Figure 4 is merely illustrative and is not exhaustive of all variations possible. Other details and aspects of the method are provided with respect to Figures 1-3 and 5, and are not repeated in the interest of brevity.
In some embodiments, an apparatus for distinguishing software types, as shown in Figure 5, includes: a package name acquisition unit 501, for acquiring a package name of a system-integrated software to be confirmed; a query unit 502, for querying to see whether the package name of the system-integrated software to be confirmed as acquired by the package name acquisition unit 501 corresponds to that of a system software package extracted from a system Rom; and a built-in software confirmation unit 503, for determining the system-integrated software not corresponding to the package name of the system software package extracted from the system Rom as built-in application software.
The above embodiment queries to see whether the package name of the system-integrated software to be confirmed corresponds to that of a system software package extracted from a system Rom, so as to confirm that the system-integrated software whose package name does not correspond to that of the system software package as built-in application software, which achieves the goal of distinguishing the software type of the system-integrated software, and accurately identifying the built-in application software, so as to provide convenience for securely meeting the user demands for maintaining cleaning of the system and securely meeting the user demands for improving the running speed of the system or the like.
Further, in some embodiments, to confirm types of deletable software and undeletable software, for implementing risk management on software deletion, the apparatus further includes: a value determination and acquisition unit 501. Before the package name acquisition unit 501 acquires a package name of a piece of system-integrated software to be confirmed, the value determination and acquisition unit 501 determines whether a UID value of the acquired system-integrated software to be confirmed is less than 10000. The package name acquisition unit 501 is used for acquiring a package name of the system-integrated software to be confirmed if the UID value is less than 10000 in the system-integrated software to be confirmed. Because software whose UID value is less than 10000 can generally be deleted, the software can be classified as system-integrated software to be confirmed by further screening.
Further, in some embodiments, to provide another preposed screening condition to improve accuracy of built-in software identification, the apparatus further includes: a signature acquisition unit 505, for acquiring a signature of the system-integrated software to be confirmed; and  a publisher determination unit 506, for determining whether the signature of the system-integrated software to be confirmed belongs to a predetermined system application publisher before the value determination and acquisition unit 504 determines whether a UID value of the acquired system-integrated software to be confirmed is less than 10000. The value determination and acquisition unit 504 is used for determining, in the acquired system-integrated software to be confirmed, whether the UID value of the system-integrated software whose signature does not belong to the predetermined system application publisher is less than 10000.
The predetermined system application publisher can confirm different system application publishers according to different operating systems. Because operating systems all have their developers and publishers, the developer and publisher corresponding to the operating system serve as the predetermined system application publisher.
Further, in some embodiments, to provide another preposed screening condition to improve accuracy of built-in software identification, the apparatus further includes: a number determination unit 507, for, before the publisher determination unit 506 determines whether the signature of the system-integrated software to be confirmed belongs to a predetermined system application publisher, determining whether the number of a set of software with the same signature in the system-integrated software to be confirmed reaches a predetermined threshold. The publisher determination unit 506 is used for determining, in the system-integrated software to be confirmed, whether the signature of the system-integrated software to be confirmed for which the number of a set of software with the same signature does not reach the predetermined threshold belongs to the predetermined system application publisher.
The threshold can be determined artificially, and generally, a specific value is determined according to the type of a current system, the number of system application software of the current system and the like, for example, the value can be set as 30 in an Android system. The value can be determined according to different operating systems, and therefore, persons skilled in the art can determine the value accordingly, which is not limited in the embodiment of the present invention.
Further, in some embodiments, to provide another preposed screening condition to improve accuracy of built-in software identification, the apparatus further includes: a software acquisition unit 508, for, before the number determination unit 507 determines whether the number of a set of software with the same signature in the system-integrated software to be confirmed  reaches a predetermined threshold, acquiring software installed under a system software file directory as the system-integrated software to be confirmed.
The above embodiment performs first screening according to software installation directories, and can quickly distinguish user-installed software; in this way, the speed of software identification can be improved.
In the above example, if it is an android operating system, a path of the system-integrated software packages is /system/app, and a path of the user-installed software packages is /data/app, the two paths are installation directories based on an android system, for other operating systems, paths of the system-integrated software and the user-installed software may be different, besides, even if it is an android system, names of various software installation directories can also be changed; therefore, the above example should not be understood as a limit for the present disclosure.
Further, in some embodiments, to provide a method for confirming system application software, the apparatus further includes: a system confirmation unit 509, for, after the built-in confirmation unit 503 determines the built-in application software, confirming system-integrated software to be confirmed other than the built-in application software in the system-integrated software to be confirmed as system application software.
In this embodiment, the system application software is confirmed after built-in software is identified, and in fact, the system application software can be confirmed in the process of identifying the built-in software, for example, the various screening conditions of this embodiment, that is, the UID value of the system-integrated software to be confirmed is less than 10000, the signature of the system-integrated software to be confirmed belongs to the predetermined system application publisher, and the number of a set of software with the same signature in the system-integrated software to be confirmed reaches the predetermined threshold, can confirm the software as system application software. Therefore, a confirmation order in this embodiment is not a unique confirmation order of the embodiment of the present invention.
While particular embodiments are described above, it will be understood it is not intended to limit the disclosure to these particular embodiments. On the contrary, the disclosed technology includes alternatives, modifications and equivalents that are within the spirit and scope of the appended claims. Numerous specific details are set forth in order to provide a thorough understanding of the subject matter presented herein. But it will be apparent to one of ordinary skill in the art that the subject matter may be practiced without these specific details. In other instances,  well-known methods, procedures, components, and circuits have not been described in detail so as not to unnecessarily obscure aspects of the embodiments.
Although some of the various drawings illustrate a number of logical stages in a particular order, stages that are not order dependent may be reordered and other stages may be combined or broken out. While some reordering or other groupings are specifically mentioned, others will be obvious to those of ordinary skill in the art and so do not present an exhaustive list of alternatives. Moreover, it should be recognized that the stages could be implemented in hardware, firmware, software or any combination thereof.
The foregoing description, for purpose of explanation, has been described with reference to specific embodiments. However, the illustrative discussions above are not intended to be exhaustive or to limit the disclosed technology to the precise forms disclosed. Many modifications and variations are possible in view of the above teachings. The embodiments were chosen and described in order to best explain the principles of the invention and its practical applications, to thereby enable others skilled in the art to best utilize the disclosed technology and various embodiments with various modifications as are suited to the particular use contemplated.
Figure PCTCN2014092755-appb-000001

Claims (17)

  1. for at least a threshold period of time, and the software has only been executed by the user and never by the operating system.
  2. The method of claim 3, wherein the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application meets the one or more predetermined low risk patterns.
  3. The method of claim 3, wherein the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application does not meet the one or more predetermined low risk patterns.
  4. The method of claim 1, further comprising:
    identifying a plurality of screening conditions for identifying system application software, wherein determining whether each system-integrated software application in the listing of system-integrated software applications is system application software or built-in application software further comprises:
    applying two or more of the plurality of screening conditions in parallel on the system-integrated software application; and
    identifying the system-integrated software application as system application software if the two or more screening conditions are all passed by the system-integrated software application.
  5. A device, comprising:
    one or more processors; and
    memory having instructions stored thereon, the instructions, when executed by the one or more processors, cause the processors to perform operations comprising:
    obtaining a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device;
    for each software application in the listing of system-integrated software applications for software type determination, determining whether the system-integrated software application is system application software or built-in application software; and
    presenting a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software.
  6. The device of claim 8, wherein the operations further comprise:
    detecting a user instruction for deleting a respective piece of system application software identified from the listing of system-integrated software applications; and
    in response to detecting the user instruction for deleting the respective piece of system application software, providing a warning to a user regarding the deletion.
  7. The device of claim 8, wherein obtaining a listing of system-integrated software applications for software type determination further comprises:
    receiving a user instruction to optimize the device;
    in response to receiving the user instruction to optimize the device, identifying a plurality of system-integrated software applications from one or more predetermined system application directories of the device; and
    for each of the identified plurality of system-integrated software applications:
    determining a respective past execution pattern of the identified system-integrated software application; and
    in accordance with a determination of whether the respective past execution pattern meets one or more predetermined low risk patterns, including the identified system-integrated software application in the listing of system-integrated software applications for software type determination.
  8. The device of claim 10, wherein the one or more predetermined low risk patterns include at least one of: the software has never been executed on the device, the software has not been executed for at least a threshold period of time, and the software has only been executed by the user and never by the operating system.
  9. The device of claim 10, wherein the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application meets the one or more predetermined low risk patterns.
  10. The device of claim 10, wherein the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application does not meet the one or more predetermined low risk patterns.
  11. The device of claim 8, wherein the operations further comprise:
    identifying a plurality of screening conditions for identifying system application software, wherein determining whether each system-integrated software application in the listing of system-integrated software applications is system application software or built-in application software further comprises:
    applying two or more of the plurality of screening conditions in parallel on the system-integrated software application; and
    identifying the system-integrated software application as system application software if the two or more screening conditions are all passed by the system-integrated software application.
  12. A non-transitory computer-readable medium having instructions stored thereon, the instructions, when executed by one or more processors, cause the processors to perform operations comprising:
    obtaining a listing of system-integrated software applications for software type determination, the listing of system-integrated software applications being a subset of all software applications currently installed on the device;
    for each software application in the listing of system-integrated software applications for software type determination, determining whether the system-integrated software application is system application software or built-in application software; and
    presenting a listing of built-in application software identified from the listing of system-integrated software applications, with a respective affordance for deleting each respective built-in application software in the listing of identified built-in application software.
  13. The computer-readable medium of claim 15, wherein the operations further comprise:
    detecting a user instruction for deleting a respective piece of system application software identified from the listing of system-integrated software applications; and
    in response to detecting the user instruction for deleting the respective piece of system application software, providing a warning to a user regarding the deletion.
  14. The computer-readable medium of claim 15, wherein obtaining a listing of system-integrated software applications for software type determination further comprises:
    receiving a user instruction to optimize the device;
    in response to receiving the user instruction to optimize the device, identifying a plurality of system-integrated software applications from one or more predetermined system application directories of the device; and
    for each of the identified plurality of system-integrated software applications:
    determining a respective past execution pattern of the identified system-integrated software application; and
    in accordance with a determination of whether the respective past execution pattern meets one or more predetermined low risk patterns, including the identified system-integrated software application in the listing of system-integrated software applications for software type determination.
  15. The computer-readable medium of claim 17, wherein the one or more predetermined low risk patterns include at least one of: the software has never been executed on the device, the software has not been executed for at least a threshold period of time, and the software has only been executed by the user and never by the operating system.
  16. The computer-readable medium of claim 17, wherein the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application meets the one or more predetermined low risk patterns.
  17. The computer-readable medium of claim 17, wherein the identified system-integrated software application is included in the listing of system-integrated software applications for software type determination in accordance with a determination that the respective past execution pattern of the identified system-integrated software application does not meet the one or more predetermined low risk patterns.
PCT/CN2014/092755 2013-12-02 2014-12-02 Method and apparatus for distinguishing software types WO2015081834A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310634586.2A CN104679785B (en) 2013-12-02 2013-12-02 Method and device for distinguishing software types
CN201310634586.2 2013-12-02

Publications (1)

Publication Number Publication Date
WO2015081834A1 true WO2015081834A1 (en) 2015-06-11

Family

ID=53272883

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/092755 WO2015081834A1 (en) 2013-12-02 2014-12-02 Method and apparatus for distinguishing software types

Country Status (2)

Country Link
CN (1) CN104679785B (en)
WO (1) WO2015081834A1 (en)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109840097A (en) * 2019-01-08 2019-06-04 广东小天才科技有限公司 Channel information management method and device of mobile terminal, terminal and storage medium
CN112948831B (en) * 2021-03-12 2024-02-13 安天科技集团股份有限公司 Application risk identification method and device

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025835A (en) * 2010-12-06 2011-04-20 华为终端有限公司 Method and device for automatically classifying application programs in mobile terminal
CN102135992A (en) * 2011-03-15 2011-07-27 宇龙计算机通信科技(深圳)有限公司 Terminal application program classifying method and terminal
CN102693132A (en) * 2012-05-17 2012-09-26 福州博远无线网络科技有限公司 Method for automatically sorting application program based on Android
CN102779051A (en) * 2012-05-17 2012-11-14 江苏中科梦兰电子科技有限公司 Filtering method for application software based on Android system

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050268112A1 (en) * 2004-05-28 2005-12-01 Microsoft Corporation Managing spyware and unwanted software through auto-start extensibility points
CN102779257B (en) * 2012-06-28 2015-10-07 北京奇虎科技有限公司 A kind of safety detection method of Android application program and system
CN103019584B (en) * 2012-11-14 2015-08-19 广东欧珀移动通信有限公司 The method of mobile terminal device batch Uninstaller
CN103019798A (en) * 2013-01-16 2013-04-03 珠海市君天电子科技有限公司 Method and device for recognizing android system pre-installed software
CN103389898A (en) * 2013-07-22 2013-11-13 深圳市金立通信设备有限公司 Method for managing mobile terminal software and mobile terminal

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102025835A (en) * 2010-12-06 2011-04-20 华为终端有限公司 Method and device for automatically classifying application programs in mobile terminal
CN102135992A (en) * 2011-03-15 2011-07-27 宇龙计算机通信科技(深圳)有限公司 Terminal application program classifying method and terminal
CN102693132A (en) * 2012-05-17 2012-09-26 福州博远无线网络科技有限公司 Method for automatically sorting application program based on Android
CN102779051A (en) * 2012-05-17 2012-11-14 江苏中科梦兰电子科技有限公司 Filtering method for application software based on Android system

Also Published As

Publication number Publication date
CN104679785B (en) 2020-06-05
CN104679785A (en) 2015-06-03

Similar Documents

Publication Publication Date Title
US10805346B2 (en) Phishing attack detection
US10572240B2 (en) Operating system update management for enrolled devices
US8806643B2 (en) Identifying trojanized applications for mobile environments
WO2015043420A1 (en) Permission control method and device
US11068583B2 (en) Management of login information affected by a data breach
CN106790262B (en) Authentication method and device
CN108763951B (en) Data protection method and device
US9548865B2 (en) Token authentication for touch sensitive display devices
US10389710B2 (en) Method and system for extracting characteristic information
JP2017532707A (en) User verification based on digital fingerprint signal derived from out-of-band data
US9124623B1 (en) Systems and methods for detecting scam campaigns
CN115935321B (en) Method, device and storage medium for accessing algorithm library
US9510182B2 (en) User onboarding for newly enrolled devices
US9569617B1 (en) Systems and methods for preventing false positive malware identification
US10146926B2 (en) Differentiated authentication for compartmentalized computing resources
US10162488B1 (en) Browser-based media scan
WO2015081834A1 (en) Method and apparatus for distinguishing software types
US10579794B1 (en) Securing a network device by automatically identifying files belonging to an application
JP7445017B2 (en) Mobile application forgery/alteration detection method using user identifier and signature collection, computer program, computer readable recording medium, and computer device
EP3182313B1 (en) Content-based authentication
CN110928754A (en) Operation and maintenance auditing method, device, equipment and medium
US11750660B2 (en) Dynamically updating rules for detecting compromised devices
US20230215014A1 (en) Automated Image Processing System
KR20180007629A (en) File Searching Method using Identification Number
CN116451214A (en) Method and device for detecting right-raising risk

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14868622

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

32PN Ep: public notification in the ep bulletin as address of the adressee cannot be established

Free format text: NOTING OF LOSS OF RIGHTS PURSUANT TO RULE 112(1) EPC , EPO FORM 1205A DATED 27-10-16

122 Ep: pct application non-entry in european phase

Ref document number: 14868622

Country of ref document: EP

Kind code of ref document: A1