WO2015096695A1 - Installation control method, system and device for application program - Google Patents


Publication number
WO2015096695A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
information
mobile terminal
user
server
Application number
PCT/CN2014/094653
Inventor
王鹏程
李旋
王力
张瑞博
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04W WIRELESS COMMUNICATION NETWORKS
    • H04W8/00 Network data management
    • H04W8/18 Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20 Transfer of user or subscriber data
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/2866 Architectures; Arrangements
    • H04L67/30 Profiles
    • H04L67/306 User profiles
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/34 Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/50 Network services
    • H04L67/55 Push-based network services

Definitions

  • the present application relates to the field of information security technologies, and in particular, to an installation control method, system, and apparatus for an application.
  • BYOD (Bring Your Own Device)
  • the enterprise application is set in the enterprise management client, and the data of the enterprise application is also saved in the enterprise management client.
  • the area where the personal application and data reside is called the personal area
  • the area where the enterprise application and data are located, that is, the area created by the enterprise management client, is called the work area.
  • when each enterprise user downloads and installs the corresponding application in the above manner, there is no guarantee that the version of the same application downloaded by each enterprise user is consistent, so there may be data incompatibility problems later; in addition, each enterprise user has to search for and download each application, which consumes a lot of the users' time, and whether a downloaded application is compatible with the user's own mobile terminal is also unknown, so this method wastes a lot of human resources, which is not conducive to improving the efficiency of the enterprise.
  • in view of the above problems, the present application has been made in order to provide an installation control method, system, and apparatus for an application that overcome, or at least partially solve or alleviate, the above problems.
  • An embodiment of the present application provides an installation control method for an application, where the method includes: determining, by the server, the mobile terminal of each user in a user group according to the list of applications to be pushed set for each user group; for the mobile terminal of each user in the user group, detecting whether the enterprise management client on the mobile terminal has logged in; and, when the login of the enterprise management client on the mobile terminal is detected, providing the information of each application in the application list to be pushed corresponding to the user group to the enterprise management client, so that the enterprise management client installs the applications in the work area.
  • An embodiment of the present application provides an application installation control system, where the system includes a server and an enterprise management client on at least one mobile terminal: the server is configured to determine, according to the list of applications to be pushed set for each user group, identification information of the mobile terminal of each user in the user group; to detect, for the mobile terminal of each user in the user group, whether the enterprise management client on the mobile terminal has logged in; and, when the login of the enterprise management client on the mobile terminal is detected, to provide the information of each application in the application list to be pushed corresponding to the user group to the enterprise management client; and the at least one enterprise management client is configured to receive the information of each application in the application list sent by the server and to install each application in the work area.
  • An embodiment of the present application provides an enterprise management client, including: a receiving module, configured to receive information about each application in a list of applications to be pushed provided by a server; and an installation module, configured to install each application in the work area.
  • An embodiment of the present application provides a method, a system, and a device for installation control of an application, in which the server, when the enterprise management client on a mobile terminal logs in, provides that client with the list of applications to be pushed corresponding to the user group of the mobile terminal, so that the enterprise management client installs each application in the application list in the work area.
  • Since the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application, the information of the applications required by the user group can be included in the application list and provided to the user group. This avoids the problem of users, because of an unclear understanding of their work, not downloading an application or downloading the wrong application and thereby affecting productivity, and it reduces the workload of each user in the user group searching for and downloading the corresponding applications in the application list, saving users' time and improving their work efficiency.
  • FIG. 1 is a schematic structural diagram of a system of an enterprise management system of a mobile terminal according to an embodiment of the present application
  • FIG. 2 is a schematic diagram of an installation process of an application according to an embodiment of the present application
  • FIG. 3 is a diagram showing an installation process of an application program according to Embodiment 1 of the present application.
  • FIG. 4 is a diagram showing an installation process of an application program according to Embodiment 2 of the present application.
  • FIG. 5 is a structural diagram of an installation control system of an application program according to an embodiment of the present application.
  • FIG. 6 is a structural diagram of an enterprise management client according to an embodiment of the present application.
  • FIG. 7 is a block diagram of a server for performing a method in accordance with the present application.
  • Figure 8 illustrates a storage unit for holding or carrying program code that implements the method according to the present application.
  • the embodiment of the present application provides an application installation method, system and device.
  • the enterprise management system of the mobile terminal provided by the embodiment of the present application is a mobile terminal management platform for an enterprise, including a server deployed on the intranet of the enterprise and a client installed on the mobile terminal to be managed.
  • the server deployed on the intranet of the enterprise is referred to as a server
  • the client installed on the mobile terminal to be managed is referred to as an enterprise management client. Specifically:
  • the main functions of the server include: managing and delivering the application of the intranet, as well as managing and delivering security policies.
  • the server also provides a wealth of mobile terminal statistics and management tools.
  • through the server, the enterprise administrator can view detailed information of each managed mobile terminal, including: terminal model, system version, IMEI (International Mobile Equipment Identification Number), serial number, MSISDN (Mobile Subscriber International ISDN/PSTN Number, commonly known as the mobile number), whether it is offline, whether it is rooted (super user), password replacement time, whether security software is installed, power information, wireless network information, etc.
  • data leakage prevention includes data encryption, data isolation, etc.
  • encrypted data may be data related to system files; or data in user-selected financial documents, production documents, sales documents, market documents, human resources files, etc.; it can also be data of the user's personal files, such as photos, videos, logs, etc.
  • a brief description of data encryption is performed by taking an implementation on an Android system as an example.
  • Data encryption is implemented by a .so (dynamic link library) file, mainly by injecting code into the application so that the apk (Android Package, the Android installation package) calls the .so file when it is initialized. This ensures that the .so file runs before the application reads or writes any file. If it runs later, files will become "half encrypted", causing file corruption.
  • the .so file intercepts all file operations of the application and implements encryption.
  • the enterprise management system of the mobile terminal establishes a secure and independent work area on the mobile terminal based on the data leakage prevention mechanism of the enterprise management client, without affecting enterprise employees' experience of personal applications.
  • the work area memory space refers to the memory space allocated to the enterprise management client; all enterprise applications and data are stored in the protected work area.
  • the part of the mobile terminal's memory space outside the work area memory space is called the personal area memory space (referred to as the personal area). All personal applications and data are stored in the personal area, and personal applications cannot access the work area, that is, they cannot access enterprise data, which prevents enterprise data from being illegally accessed by personal applications.
  • the enterprise management system of the mobile terminal provided by the embodiment of the present application not only completely isolates enterprise data from personal data and better protects enterprise applications and data, but also provides an undifferentiated personal application experience for enterprise employees, achieving a "one machine, dual use" effect.
  • the Enterprise Management Server provides two application delivery methods: free installation and mandatory installation.
  • the application delivered by the free installation method is freely available for enterprise users to download and install; the application that is issued by the mandatory installation method needs to be installed by the enterprise user before the working area can be used normally.
  • the mandatory installation mode is generally adopted; for the personal application in the personal area, the free installation mode is generally adopted.
  • the application that is delivered in the free installation mode will be displayed in the application list of the enterprise application market in the workspace.
  • the client user can choose whether to download and install the application.
  • the application delivered by the mandatory installation mode must be installed by the client user before the work area can be used.
  • the application blacklist and whitelist can provide a security management mechanism for the personal applications in the personal area.
  • the names and version numbers of the applications that are forbidden to be installed are listed in the application blacklist, and the names and version numbers of the only applications that are allowed to be installed are listed in the application whitelist.
  • the settings of the application blacklist and the application whitelist are all configurable by the enterprise administrator.
  • the settings made by the enterprise administrator for the application blacklist or the application whitelist include the following scenarios:
  • Scenario 2: prohibit the installation of applications that have exposed security vulnerabilities or malicious behavior. For example, for certain specific applications, applications in which the security software detects malicious behavior, or vulnerable applications found by the vulnerability scanning function, the application blacklist can be used to prohibit the installation of the applications with security vulnerabilities or malicious behavior.
  • Scenario 3: prohibit the installation of certain file sharing applications, such as network disk applications. Because a file sharing application can cause the internal resources of the enterprise to be uploaded to the cloud, destroying the confidentiality of enterprise information, the installation of file sharing applications can be prohibited through the application blacklist.
  • enterprises can flexibly control the installation of applications in each user group by applying blacklists or applying whitelists according to the actual needs of the enterprise.
  • the enterprise application is generally an application that is forcibly issued by the enterprise and installed on the mobile terminal of the enterprise employee.
  • the enterprise application has high security and reliability, and the enterprise employee can use it with confidence; the embodiment of the present application provides an installation control method for applications that are forcibly installed.
  • Mandatory installation by the enterprise is used for enterprise applications in the work area. The specific implementation is described below to explain the delivery process of the enterprise application.
  • FIG. 2 is a schematic diagram of an installation process of an application according to an embodiment of the present application, where the process includes the following steps:
  • S201 The server determines, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group.
  • a dedicated space is set up in the server for storing the installation package of the application uploaded to the server.
  • the dedicated space is referred to as an enterprise application library.
  • the server maintains the name and version number of all applications that have uploaded the installation package to the server.
  • the application list may also include other information about the application, such as upload time, installation package size, and installation amount.
  • the application management list can be used to maintain related information of the application, so that the enterprise administrator can view and edit the application management list, and view statistics such as the installation amount of each application.
  • the installation package of the application is uploaded by the enterprise to the enterprise management server.
  • before saving the installation package of the application, the enterprise management server performs virus detection and hardening processing on the installation package.
  • Hardening the application's installation package prevents the application from being easily reverse engineered to obtain key information such as the secret key system, while adding data encryption to the application increases the security factor.
  • the hardening of the application installation package mainly changes the content of the application's classes.dex file: the content is encrypted with an algorithm and then dynamically decrypted and restored when the apk (Android Package, the Android installation package) is running.
  • when modifying the classes.dex file, make sure it still conforms to the native format of the dex file.
  • the installation packages of all uploaded applications are virus-detected and hardened to prevent malicious tampering, code injection, memory modification, data theft, decompilation and other threats.
  • Users can be divided into different user groups according to the similarity of the applications used between users.
  • Each user group contains at least one user.
  • users in the same functional department use similar applications.
  • users in the finance department use the same financial software
  • users in the R&D department use the same development software
  • users in the administrative department use the same Office software
  • users in the marketing department will use instant chat tools, such as Fetion, WeChat, QQ and so on. Therefore, when users are divided into different user groups, they can be divided according to the functional department to which each user belongs.
  • an application such as an anti-virus software or a firewall that monitors the security status of the work area of the mobile terminal can be pushed to each user group and installed in the work area of the corresponding user mobile terminal.
  • the server stores the identification information of the mobile terminal of each user included in each user group, where the identification information is configured to identify the mobile terminal, and mobile terminals can be distinguished from one another by the identification information. The identification information therefore determines which mobile terminals the information of each application in the application list is pushed to.
  • the user group may be determined according to the application program that needs to be used for different user groups in the server.
  • S202 For the mobile terminal of each user in the user group, detect whether the enterprise management client on the mobile terminal has logged in; if the detection result is yes, proceed to step S203; otherwise, proceed to step S202.
  • There are many methods for detecting whether the enterprise management client on the mobile terminal has logged in. For example, the enterprise management client sends login information to the server every time it logs in, so that the server delivers the latest policy to the enterprise management client; the server can therefore detect the login according to whether it has received the login information of the enterprise management client. Alternatively, the server sends an inquiry request to the enterprise management client and detects the login according to whether the enterprise management client responds.
  • the detection method also includes a plurality of types, which are not described in the embodiment of the present application. It is believed that those skilled in the art can determine the corresponding detection method according to the description of the embodiments of the present application.
  • S203 The information about each application in the application list to be pushed corresponding to the user group is provided to the enterprise management client, so that the enterprise management client installs the application in a work area.
  • the application list to be pushed includes information of at least one application, and the information of the application may be identification information of the application, such as the name of the application, or the code of the application, and the like.
  • the information of the application may also include one or more of the version number information of the application and the download address information of the application.
  • the information of the application can be carried in the control signaling.
  • when the application list contains information of two or more applications, the information of all the applications may be included in one control signaling and provided to the enterprise management client together; or each control signaling may include the information of one application, and the information of each application is provided to the enterprise management client separately.
  • the enterprise management client can download and install the corresponding application in the work area according to the information of the application provided by the server.
  • since the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application, the information of the applications required by the user group can be included in the application list and provided to the user group. This avoids the problem of users, because of an unclear understanding of their work, not downloading an application or downloading the wrong application and thereby affecting productivity, and it reduces the workload of each user in the user group searching for and downloading the corresponding applications in the application list, saving users' time and improving their work efficiency.
  • the information of each application in the list of applications to be pushed may be set by the administrator: when setting the corresponding application list to be pushed for each user group, the administrator sets the name, version number and download address information of each application in the application list for subsequent push to the corresponding users.
  • the information of each application in the list of applications to be pushed may also be extracted by the server in the application store according to the corresponding rules.
  • the installation package of the application uploaded to the server is saved in the application store, and the application store maintains the name and version number of all the applications that have uploaded the installation package to the server, and may of course include other information of the application, such as uploading. Time, installation package size, installation amount, etc.
  • the enterprise administrator can set the name and version number information of each application in the list of applications to be pushed by the server. Based on the information set, the server looks up the installation package of the application with the corresponding name and version number in the application store, and adds the download address information of the installation package of the application to the application list.
  • the server maintains, for each user group, a list of applications to be pushed corresponding to the user group; the application list stores identification information, version number information, download address information, and the like of each application.
  • applications for monitoring security, such as anti-virus software, security guards, etc., are stored in the application list to be pushed for each user group in the server.
  • the application list to be pushed set for the user group corresponding to the R&D department stores the name, version number, and download address information of each programming software; the application list to be pushed set for the user group corresponding to the finance department stores the name, version number, and download address information of each financial software; and the application list to be pushed set for the user group corresponding to the administrative department stores the name, version number, and download address information of each office software.
  • the name, version number, and download address information of each instant chat tool are stored in the application list to be pushed set for the user group corresponding to the marketing department.
  • after the server determines the application list to be pushed corresponding to each user group, in order to ensure that the applications pushed to each user's enterprise management client are not duplicated, and to reduce the server's workload of repeatedly pushing the same application, the embodiment of the present application further includes:
  • the server saves the information of the application to the list of applications that have been pushed for the mobile terminal according to the information of the application provided to the mobile terminal.
  • the method further includes:
  • the subsequent providing step is performed.
  • In order to reduce the workload of the server repeatedly pushing the same application, the server locally stores, for each mobile terminal, a list of applications that have been pushed, in which the information of each application that has been pushed to the mobile terminal is saved.
  • The information of the application may be identification information of the application; the version number information of the application may also be included in the information of the application.
  • the server may carry the information of the application in the control signaling, and send the control signaling to the enterprise management client.
  • the information of the application carried in the control signaling may include the download address information of the application.
  • the specific server obtains the download address information of the application
  • the server directly obtains the download address information from the application list, when the application list is not
  • the server obtains the download address information of the corresponding application according to the information of each application provided by the application market.
  • the installation package of the application saved at each download address has been subjected to virus detection, hardening processing, and encryption processing.
  • the installation package of the application is uploaded to the server by a third party.
  • before saving the installation package of the application, the server performs virus detection, hardening, and encryption processing on the installation package.
  • the installation packages of all uploaded applications are protected by virus detection and hardening, so as to prevent malicious tampering, code injection, memory modification, data theft, decompilation and other threats, so as to ensure the security of the workspace in the enterprise management client.
  • the information of the application includes: identification information of the application, version number information of the application, and download address information of the application. At least one application is included in the list of applications to be pushed.
  • FIG. 3 is a diagram of an installation process of an application program according to Embodiment 1 of the present application, and the process includes the following steps:
  • S301 The server determines, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group.
  • the application list contains information of at least one application.
  • S302 Determine, according to the list of applications that have been pushed for each mobile terminal, whether the download address information of the application corresponding to the identification information has already been provided to the mobile terminal; if the determination result is yes, proceed to step S303; otherwise, go to step S305.
  • S303 Determine whether the version number information of the application that has been pushed to the mobile terminal is consistent with the version number information of the application. If the determination result is yes, proceed to step S304; otherwise, proceed to step S305.
  • S304 The information of the application is not pushed to the enterprise management client on the mobile terminal.
  • S305 For the mobile terminal of each user in the user group, detect whether the enterprise management client on the mobile terminal has logged in; if the detection result is yes, proceed to step S306; otherwise, proceed to step S305.
  • S306 The download address information of the application is carried in the control signaling, and is provided to the enterprise management client on the mobile terminal.
  • the server obtains the download address information of the application
  • the server obtains the download address information of the application according to the information of each application provided by the application market.
  • the above takes as an example the case in which the application list contains both the identification information and the version number information of the application.
  • when the application list contains only the identification information of the application, only the determination of S302 is required in the above process: if the determination result is yes, the process proceeds to step S304; otherwise, the process proceeds to step S305.
  • the server carries the download address information of the application in the application list in control signaling and provides it to the enterprise management client on the mobile terminal.
  • the application list contains more information about the application, such as the identification information of the application and the version number information of the application, which can reduce the probability of repeated push of the application, when the application included in the application list
  • the efficiency of the server pushing the application to the enterprise management client can be improved.
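  • The push decision of steps S301 to S306, including the identification-only variant, can be sketched as follows. This is an added example, not code from the patent; the class and field names, the terminal ids and the `apps.example.internal` download addresses are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class AppInfo:
    """One entry of a to-be-pushed list (names are illustrative)."""
    app_id: str                 # identification information
    version: Optional[str]      # None models a list that carries identification only
    download_url: str           # download address information


@dataclass
class PushServer:
    group_lists: dict[str, list[AppInfo]]        # user group -> list to be pushed
    group_terminals: dict[str, set[str]]         # user group -> terminal identification
    # terminal -> {app_id: version}: the per-terminal "already pushed" list
    pushed: dict[str, dict[str, Optional[str]]] = field(default_factory=dict)
    logged_in: set[str] = field(default_factory=set)

    def pending(self, group: str, terminal: str) -> list[AppInfo]:
        """S302/S303: entries of the group's list that still have to be pushed."""
        record = self.pushed.get(terminal, {})
        todo = []
        for app in self.group_lists[group]:
            if app.app_id in record:                              # S302: pushed before
                # Identification-only list: S302 alone decides.
                # Otherwise S303: same version means nothing to do.
                if app.version is None or record[app.app_id] == app.version:
                    continue                                      # S304: do not push
            todo.append(app)
        return todo

    def push_to(self, terminal: str) -> list[dict]:
        """S305/S306: build control signaling once the client has logged in."""
        if terminal not in self.logged_in:                        # S305: keep waiting
            return []
        messages = []
        for group, terminals in self.group_terminals.items():     # S301
            if terminal not in terminals:
                continue
            for app in self.pending(group, terminal):
                messages.append({                                 # S306
                    "terminal": terminal,
                    "app_id": app.app_id,
                    "version": app.version,
                    "download_url": app.download_url,
                })
                # Record the push so a later pass (or another group that
                # lists the same application) does not repeat it.
                self.pushed.setdefault(terminal, {})[app.app_id] = app.version
        return messages

    def on_login(self, terminal: str) -> list[dict]:
        """Login information received from the enterprise management client."""
        self.logged_in.add(terminal)
        return self.push_to(terminal)


def build_sample_server() -> PushServer:
    """Constructed sample data: two user groups sharing one security application."""
    base = "https://apps.example.internal/"
    antivirus = AppInfo("antivirus", "2.1", base + "antivirus-2.1.apk")
    return PushServer(
        group_lists={
            "finance": [AppInfo("ledger", "1.0", base + "ledger-1.0.apk"), antivirus],
            "rnd": [AppInfo("ide", "3.0", base + "ide-3.0.apk"), antivirus],
        },
        group_terminals={"finance": {"T1", "T3"}, "rnd": {"T2", "T3"}},
    )


if __name__ == "__main__":
    server = build_sample_server()
    print(server.push_to("T1"))     # client not logged in yet: nothing is sent
    print(server.on_login("T1"))    # ledger and antivirus
    print(server.on_login("T3"))    # member of both groups: antivirus sent once
```

  • Recording the version next to the identification is what lets a changed version number trigger a new push while an unchanged entry is skipped.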
  • the enterprise management client installs the application in the work area, including:
  • the enterprise management client downloads the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and uses the extracted super user root authority to install the installation package of the application in the work area; or,
  • the enterprise management client downloads the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, provides the user with prompt information for installing the installation package of the application, and, after receiving the confirmation information that the user installs the installation package, installs the installation package of the application in the work area.
  • the enterprise management client uses the implementation on the Android system as an example when installing the installation package of the application.
  • the enterprise management client first extracts the root privilege through root code, and uses the root privilege to start a Service with root privilege.
  • a local Socket (socket) interface is reserved for invocation.
  • the enterprise management client calls the Socket interface so that the Service with root authority hooks a core process of the Android system, System Service, which allows the Service with root permission to monitor the IOCTL (input and output control) calls related to Binder (the inter-process communication mechanism in the Android system).
  • the enterprise management client downloads the installation package of the corresponding application to the work area according to the download address information in the control signaling, provides the user with prompt information for installing the installation package of the application, and performs subsequent operations according to the received user instruction: when receiving the confirmation information that the user installs the installation package, it installs the installation package of the application in the work area; when receiving information that the user does not install the installation package, the application's installation process ends.
  • Root privileges can access and modify almost all files in the user's mobile terminal (Android system files and user files, excluding ROM).
  • the root privilege is the only super administrator in the system and has the same privileges as the operating system.
  • the installation package of the downloaded application can be directly installed.
  • the enterprise management client can detect whether a root authority identification file exists in the common directories of the mobile terminal, and thereby detect whether the mobile terminal has root authority. For example, for a mobile terminal running the Android system, the enterprise management client can check whether an SU file exists in directories such as /system/bin, /system/sbin and /system/xbin; when it detects that the SU file exists, it determines that the mobile terminal has root authority.
  • the enterprise management client can detect whether the /Applications directory contains a file that it would normally not be authorized to access; when such a file is present, it determines that the mobile terminal has root authority; otherwise, it determines that the mobile terminal does not have root authority.
  • FIG. 4 is a diagram of an installation process of an application program according to Embodiment 2 of the present application, where the process includes the following steps:
  • S401 The server determines, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group.
  • the application list contains information of at least one application.
  • S402 Determine, according to the list of applications that have been pushed for each mobile terminal, whether the download address information of the application corresponding to the identification information has been provided to the mobile terminal. If the determination result is yes, proceed to step S403; otherwise, go to step S405.
  • S403 Determine whether the version number information of the application that has been pushed to the mobile terminal is consistent with the version number information of the application. If the determination result is yes, proceed to step S404; otherwise, proceed to step S405.
  • S405 For the mobile terminal of each user in the user group, detect whether the enterprise management client on the mobile terminal is logged in. If the detection result is yes, proceed to step S406; otherwise, proceed to step S405.
  • S406 The download address information of the application is carried in the control signaling, and is provided to the enterprise management client on the mobile terminal.
  • the enterprise management client obtains the download address information of the application carried in the received control signaling, and then downloads the installation package of the application from the corresponding address.
  • S408 The enterprise management client uses the extracted super user root authority to install the installation package of the application in the work area.
  • the enterprise management client provides the user with prompt information on whether to install the installation package of the application and, after receiving confirmation that the user wants to install the installation package, installs the installation package of the application in the work area; when it receives information that the user will not install the installation package, the installation process of the application ends.
  • because in the embodiment of the present application the server sets a corresponding list of applications to be pushed for each user group, the information of the applications that the user group needs can be included in that list and provided to the user group. This avoids the problem of a user who is unclear about their own work failing to download an application, or downloading the wrong one, and so hurting work efficiency; it also reduces the workload of each user in the user group in searching for and downloading the applications in the list, saving users' time and improving their work efficiency.
  • FIG. 5 is a structural diagram of an installation control system of an application program according to an embodiment of the present application.
  • the system includes a server 51 and an enterprise management client 52 on at least one mobile terminal:
  • the server 51 is configured to determine, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group; to detect, for the mobile terminal of each user in the user group, whether the enterprise management client 52 on the mobile terminal is logged in; and, when it detects that the enterprise management client 52 on the mobile terminal has logged in, to provide the information of each application in the application list to be pushed corresponding to the user group to the enterprise management client 52;
  • At least one enterprise management client 52 is configured to receive information of each application in the application list sent by the server, and install the applications in the work area.
  • the server 51 is further configured to save the information of the application to the list of applications that have been pushed for the mobile terminal according to the information of the application provided to the mobile terminal.
  • the server 51 is further configured to determine, according to the list of applications that have been pushed for the mobile terminal, whether the information of the application has been pushed to the mobile terminal; when it determines that the information of the application has not been pushed to the mobile terminal, the subsequent steps are performed.
  • the server 51 is configured to acquire, for each application included in the application list to be pushed, the download address information of the application, and to carry the download address information in control signaling and provide it to the enterprise management client.
  • the at least one enterprise management client 52 is configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and to use the extracted superuser root authority to install the installation package of the application.
  • the at least one enterprise management client 52 is configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, to provide the user with prompt information on whether to install the installation package of the application, and, after receiving confirmation that the user wants to install the installation package, to install the installation package of the application.
  • the server 51 is further configured to perform virus detection, reinforcement processing, and encryption processing on the installation package corresponding to each application included in the application list.
  • FIG. 6 is a structural diagram of an enterprise management client according to an embodiment of the present application, including:
  • the receiving module 61 is configured to receive information about each application in the application list to be pushed provided by the server;
  • the installation module 62 is configured to install the applications in the work area.
  • the installation module 62 is configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and to use the extracted superuser root permission to install the installation package of the application in the work area.
  • the installation module 62 is configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, to provide the user with prompt information on whether to install the installation package of the application, and, after receiving confirmation that the user wants to install the installation package, to install the installation package of the application in the work area.
  • An embodiment of the present application provides a method, a system and a device for installing an application. In the method, for the mobile terminal corresponding to each user group, when the server detects that the enterprise management client on the mobile terminal has logged in, it provides the client with the list of applications to be pushed, so that the enterprise management client installs each application in that list in the work area. Because in the embodiment of the present application the server sets a corresponding list of applications to be pushed for each user group, the information of the applications that the user group needs can be included in that list and provided to the user group. This avoids the problem of a user who is unclear about their own work failing to download an application, or downloading the wrong one, and so hurting work efficiency; it also reduces the workload of each user in the user group in searching for and downloading the applications in the list, saving users' time and improving their work efficiency.
  • the device in the embodiment of the present application may include various devices such as a computer device and a mobile device.
  • the mobile device may be any of a variety of mobile devices, such as a game console, a laptop computer, a portable media player, a tablet computer, a PDA, a mobile computer, and a mobile phone.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination may be used to combine all of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and all processes or units of any method or device so disclosed.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present application can be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the features of some or all of the components of the installation control system of an application in accordance with embodiments of the present application.
  • the application can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • Such a program implementing the present application may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • FIG. 7 shows a server that can implement an installation control method of an application according to the present application.
  • the server conventionally includes a processor 710 and a computer program product or computer readable medium in the form of a memory 720.
  • Memory 720 can be an electronic memory such as a flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • Memory 420 has a memory space 730 for program code 731 for performing any of the method steps described above.
  • storage space 730 for program code may include various program code 431 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • Such computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have a storage section, a storage space, and the like arranged similarly to the storage 720 in the server of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 731', that is, code that can be read by a processor such as 710, which, when executed by a server, causes the server to perform the various steps in the methods described above.
  • "one embodiment", "an embodiment" or "one or more embodiments" as used herein means that the particular features, structures, or characteristics described in connection with the embodiments are included in at least one embodiment of the present application.
  • phrase "in one embodiment" is not necessarily referring to the same embodiment.
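The server-side push decision of steps S401 to S406 above, as an added Python example that is not code from the patent. The class and field names, the dictionary used for control signalling and the sample applications are assumptions; the text of step S404 is not on this page, so the example assumes that an application already pushed at the same version is simply skipped.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class App:
    app_id: str        # identification information of the application
    version: str       # version number information
    download_url: str  # download address information


@dataclass
class Terminal:
    terminal_id: str
    logged_in: bool = False                     # enterprise management client login state
    pushed: dict = field(default_factory=dict)  # already-pushed list: app_id -> version


class PushServer:
    def __init__(self, group_apps, group_terminals):
        self.group_apps = group_apps            # user group -> [App] to be pushed
        self.group_terminals = group_terminals  # user group -> [Terminal]

    @staticmethod
    def needs_push(terminal, app):
        # S402: has this application's download address been provided before?
        if app.app_id not in terminal.pushed:
            return True
        # S403: same version already pushed means no repeat push
        # (assumed outcome of S404); a different version is pushed again.
        return terminal.pushed[app.app_id] != app.version

    def _push_terminal(self, terminal, apps):
        messages = []
        if not terminal.logged_in:              # S405: nothing is sent before login
            return messages
        for app in apps:
            if self.needs_push(terminal, app):
                # S406: download address carried in control signalling
                messages.append({
                    "terminal": terminal.terminal_id,
                    "app_id": app.app_id,
                    "version": app.version,
                    "download_url": app.download_url,
                })
                terminal.pushed[app.app_id] = app.version
        return messages

    def push_group(self, group):
        """One pass over a user group (S401); returns the signalling sent."""
        messages = []
        for terminal in self.group_terminals[group]:
            messages += self._push_terminal(terminal, self.group_apps[group])
        return messages

    def on_login(self, terminal):
        """Client login detected: deliver whatever this terminal still lacks."""
        terminal.logged_in = True
        messages = []
        for group, members in self.group_terminals.items():
            if any(member is terminal for member in members):
                messages += self._push_terminal(terminal, self.group_apps[group])
        return messages


def build_demo():
    # Constructed sample data: one user group, two terminals, two applications.
    apps = [
        App("com.example.mail", "1.0", "https://apps.example.invalid/mail-1.0.apk"),
        App("com.example.crm", "2.1", "https://apps.example.invalid/crm-2.1.apk"),
    ]
    t1 = Terminal("t1", logged_in=True)
    t2 = Terminal("t2")
    return PushServer({"sales": apps}, {"sales": [t1, t2]}), t1, t2


if __name__ == "__main__":
    server, t1, t2 = build_demo()
    print(server.push_group("sales"))   # both applications go to t1 only
    print(server.push_group("sales"))   # nothing: no repeated push
    print(server.on_login(t2))          # t2 receives both after login
```

Because a terminal's already-pushed list is only updated when signalling is actually sent, a terminal that was offline during a pass is picked up on its next login without a separate queue.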

Abstract

An installation method, system and device for an application program, which solve the problems of waste of time and low efficiency when a user downloads an application program. In the method, for a mobile terminal corresponding to each user group, when it is detected that an enterprise management client (52) on the mobile terminal logs in, a server (51) provides an application program list to be pushed for same, so that the enterprise management client (52) installs various application programs in the application program list in a working area. In the solution, since for each user group, the server (51) sets the application program list to be pushed corresponding thereto, the information about an application program required by the user group can be contained in the application program list and is provided for the user group, thereby reducing the workload of each user in the user group to search and download corresponding application programs in the application program list, saving the time of the user and improving the working efficiency thereof.

Description

Installation control method, system and device for an application
Technical field
The present application relates to the field of information security technologies, and in particular to an installation control method, system and device for an application.
Background
With the maturing and spread of mobile terminals, personal mobile terminal devices, represented by smartphones and tablets, have gradually entered the enterprise. According to a forecast by Gartner, an authoritative international consulting firm, by 2014 90% of enterprises will support employees running enterprise office applications on personal mobile terminal devices; employees using personal mobile terminal devices for work has become an irreversible trend.
In BYOD (Bring Your Own Device), the same mobile terminal holds both personal applications and data and enterprise applications and data. The enterprise applications are placed in the enterprise management client, and the data of the enterprise applications is also stored in the enterprise management client. To distinguish the two, the area where personal applications and data reside is called the personal area, and the area where enterprise applications and data reside, that is, the area created by the enterprise management client, is called the work area.
With the spread of BYOD, more and more enterprise users will use mobile terminals for work. In current BYOD practice, each enterprise user downloads and installs applications according to their own needs. Because enterprise users differ in how well they understand their own work, the applications they download may also differ. For example, an enterprise user may need a certain application for work but, not understanding the work clearly enough, does not download it, which affects their work efficiency later on.
In addition, in enterprises doing the same kind of work, the applications each enterprise user needs are basically the same. When every enterprise user downloads and installs applications in the way described above, there is no guarantee that the same application downloaded by each user is the same version, so data incompatibility problems may appear later. Moreover, every enterprise user has to search for and download each application, which consumes a great deal of their time, and whether a downloaded application is compatible with the user's own mobile terminal is also unknown. This approach therefore wastes a great deal of human resources and does not help improve the enterprise's work efficiency.
Summary of the invention
In view of the above problems, the present application is proposed in order to provide an installation control method, system and device for an application that overcome the above problems or at least partially solve or mitigate them.
An embodiment of the present application provides an installation control method for an application. The method includes: the server determines, according to the list of applications to be pushed set for each user group, the mobile terminal of each user in the user group; for the mobile terminal of each user in the user group, it detects whether the enterprise management client on the mobile terminal is logged in; and when it detects that the enterprise management client on the mobile terminal has logged in, it provides the information of each application in the list of applications to be pushed corresponding to the user group to the enterprise management client, so that the enterprise management client installs the applications in the work area.
An embodiment of the present application provides an installation control system for an application. The system includes a server and an enterprise management client on at least one mobile terminal: the server is configured to determine, according to the list of applications to be pushed set for each user group, the identification information of the mobile terminal of each user in the user group; to detect, for the mobile terminal of each user in the user group, whether the enterprise management client on the mobile terminal is logged in; and, when it detects that the enterprise management client on the mobile terminal has logged in, to provide the information of each application in the list of applications to be pushed corresponding to the user group to the enterprise management client; the at least one enterprise management client is configured to receive the information of each application in the application list sent by the server and to install the applications in the work area.
An embodiment of the present application provides an enterprise management client, including: a receiving module, configured to receive the information of each application in the list of applications to be pushed provided by the server; and an installation module, configured to install the applications in the work area.
An embodiment of the present application provides a method, a system and a device for installing an application. In the method, for the mobile terminal corresponding to each user group, when the server detects that the enterprise management client on the mobile terminal has logged in, it provides the client with the list of applications to be pushed, so that the enterprise management client installs each application in that list in the work area. Because in the embodiment of the present application the server sets a corresponding list of applications to be pushed for each user group, the information of the applications that the user group needs can be included in that list and provided to the user group. This avoids the problem of a user who is unclear about their own work failing to download an application, or downloading the wrong one, and so hurting work efficiency; it also reduces the workload of each user in the user group in searching for and downloading the applications in the list, saving users' time and improving their work efficiency.
The above description is only an overview of the technical solution of the present application. So that the technical means of the present application can be understood more clearly and implemented in accordance with the content of the specification, and so that the above and other objects, features and advantages of the present application are more readily apparent, specific embodiments of the present application are set out below.
Description of the drawings
Various other advantages and benefits will become clear to those of ordinary skill in the art upon reading the detailed description of the preferred embodiments below. The drawings are only for the purpose of illustrating the preferred embodiments and are not to be considered limiting of the present application. Throughout the drawings, the same reference symbols denote the same parts. In the drawings:
FIG. 1 is a schematic diagram of the system architecture of an enterprise management system of a mobile terminal according to an embodiment of the present application;
FIG. 2 is a diagram of an installation process of an application according to an embodiment of the present application;
FIG. 3 is a diagram of the installation process of an application according to Embodiment 1 of the present application;
FIG. 4 is a diagram of an installation process of an application according to Embodiment 2 of the present application;
FIG. 5 is a structural diagram of an installation control system of an application according to an embodiment of the present application.
FIG. 6 is a structural diagram of an enterprise management client according to an embodiment of the present application;
FIG. 7 is a block diagram of a server for performing the method according to the present application; and
FIG. 8 shows a storage unit for holding or carrying program code that implements the method according to the present application.
Specific embodiments
In order to reduce the workload of enterprise users in a BYOD scenario in searching for and downloading applications, shorten the time they spend doing so and improve their work efficiency, the embodiments of the present application provide an installation method, system and device for an application.
Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the present disclosure, it should be understood that the present disclosure may be implemented in various forms and should not be limited by the embodiments set forth here. Rather, these embodiments are provided so that the present disclosure can be understood more thoroughly and so that its scope can be fully conveyed to those skilled in the art.
The embodiments of the present application are described in detail below with reference to the accompanying drawings.
First, the system architecture of the enterprise management system of the mobile terminal provided by the embodiment of the present application is described. As shown in FIG. 1, the enterprise management system of the mobile terminal provided by the embodiment of the present application is an enterprise-oriented mobile terminal management platform, comprising a server side deployed on the enterprise intranet and a client installed on each mobile terminal that needs to be managed. In the embodiment of the present application, the server side deployed on the enterprise intranet is referred to as the server, and the client installed on a mobile terminal that needs to be managed is referred to as the enterprise management client. Specifically:
The main functions of the server include managing and distributing enterprise intranet applications, and managing and distributing security policies. The server also provides a rich set of mobile terminal statistics and management tools. Through the server, the enterprise administrator can view detailed information about each mobile terminal that needs to be managed, including: terminal model, system version, IMEI (International Mobile Equipment Identification Number), serial number, MSISDN (Mobile Subscriber International ISDN/PSTN Number, that is, the mobile station identification number, commonly known as the mobile phone number), whether the terminal is offline, whether it is rooted (superuser), the time the password was last changed, whether security software is installed, power information, wireless network information, and so on.
The main functions of the enterprise management client include data leak prevention and enforcing security policies. Data leak prevention includes data encryption, data isolation and so on. The encrypted data may be data in system files; data in user-selected financial, production, sales, marketing or human resources files; or data in the user's personal files, such as photos, videos and logs. Data encryption is briefly described here using an implementation on the Android system as an example. Data encryption is implemented through a .so (dynamic link library) file, mainly by injecting code into the application so that the .so file is called when the apk (Android Package, the Android installation package) is initialized. The .so file must run before the application reads or writes any files; if it runs later, files end up in a "half-encrypted state", which corrupts them. With data encryption in place, the .so file intercepts all of the application's file operations and performs the encryption.
Based on the data leak prevention mechanism of the enterprise management client, the enterprise management system of the mobile terminal provided by the embodiment of the present application establishes a secure, independent work area memory space on the mobile terminal without affecting employees' experience of using personal applications. The work area memory space (work area for short) is the memory space allocated to the enterprise management client, and all enterprise applications and data are stored in the protected work area. Correspondingly, the memory space of the mobile terminal outside the work area memory space is called the personal area memory space (personal area for short). All personal applications and data are stored in the personal area, and personal applications cannot access the work area, that is, cannot access enterprise data, which prevents enterprise data from being illegally accessed or read and written by personal applications. The enterprise management system of the mobile terminal provided by the embodiment of the present application not only completely isolates enterprise data from personal data and better protects enterprise applications and data, but also gives employees an undifferentiated personal application experience, achieving a "one device, two uses" effect.
The enterprise management server provides two ways of delivering applications: free installation and mandatory installation. Applications delivered by free installation are available for enterprise users to download and install as they choose; for applications delivered by mandatory installation, the enterprise user must install the application before the work area can be used normally. In a specific implementation, mandatory installation is generally used for enterprise applications in the work area, and free installation is generally used for personal applications in the personal area. Free installation can of course also be used for enterprise applications in the work area. Applications delivered by free installation are displayed in the application list of the enterprise application market in the work area, and the client user can freely choose to download and install them; for applications delivered by mandatory installation, the client user must install the application before the work area can be used normally.
Because mobile terminals are generally issued by the enterprise to its employees, application blacklists and whitelists can provide a security management mechanism for personal applications in the personal area. An application blacklist lists the names and version numbers of applications that are prohibited from being installed; an application whitelist lists the names and version numbers of the only applications that are allowed to be installed.
Both the application blacklist and the application whitelist are configurable by the enterprise administrator. The administrator's blacklist or whitelist settings cover scenarios such as the following:
Scenario 1: All of the enterprise's mobile terminal devices are for employees' office use only, so installation is restricted to applications used for office work. An application whitelist can be used to allow only work-related applications to be installed.
Scenario 2: Prohibit the installation of applications that have been reported to have security vulnerabilities or malicious behavior, for example certain specific applications, applications that security software has found to behave maliciously, or applications in which the vulnerability scanning function has found security vulnerabilities. An application blacklist can be used to prohibit the installation of applications with security vulnerabilities or malicious behavior.
Scenario 3: Prohibit the installation of certain file-sharing applications, such as network disk applications, because file-sharing applications can cause the enterprise's internal resources to be uploaded to the cloud, undermining the confidentiality of enterprise information. An application blacklist can be used to prohibit the installation of file-sharing applications.
Other specific scenarios are not listed one by one. In short, an enterprise can use application blacklists or whitelists to flexibly control the installation of applications in each user group according to its actual needs.
Enterprise applications are generally applications that the enterprise forcibly delivers to and installs on employees' mobile terminals. In general, enterprise applications are highly secure and reliable, and employees can use them with confidence. For applications delivered by mandatory installation, the embodiments of this application provide an installation control method for application programs. Enterprise applications in the work area are installed by enterprise mandatory installation. A specific implementation of the enterprise application delivery process is described below.
FIG. 2 is a diagram of an application installation process provided by an embodiment of this application. The process includes the following steps:
S201: The server determines, according to the list of applications to be pushed that is set for each user group, the mobile terminal of each user in that user group.
Specifically, a dedicated space is set up on the server to store the installation packages of applications uploaded to the server; in the embodiments of this application this dedicated space is called the enterprise application library. The server maintains the names and version numbers of all applications whose installation packages have been uploaded to the server; the application list may of course also include other information about an application, such as upload time, installation package size and number of installations. For example, an application management list can be used to maintain this information, so that the enterprise administrator can view and edit the application management list and view statistics such as the number of installations of each application.
In general, an application's installation package is uploaded to the enterprise management server by the enterprise. To ensure the security and reliability of the applications used on mobile terminals, the enterprise management server performs virus detection and hardening on an installation package before saving it.
Hardening an application's installation package prevents the application from being easily reverse engineered to obtain key information such as the key system, and also adds data encryption to the application, increasing its security. Hardening is briefly described here taking an implementation on the Android system as an example. Hardening mainly consists of changing the content of the application's class.dex file: the content is encrypted with some algorithm and is dynamically decrypted and restored when the APK (Android Package) runs. When the class.dex file is modified, it must still conform to the inherent format of a dex file. All uploaded installation packages undergo virus detection and hardening, to prevent threats such as malicious tampering, code injection, memory modification, data theft and decompilation.
In a BYOD scenario many users may use the same applications, so users can be divided into different user groups according to how similar the applications they use are; each user group contains at least one user. For example, users in the same functional department use highly similar applications: users in the finance department use the same financial software, users in the R&D department use the same development software, users in the administration department use the same office software, and users in the marketing department use instant messaging tools such as Fetion, WeChat and QQ. Specifically, therefore, users can be divided into user groups according to the functional department they belong to. In addition, applications that monitor the security status of the mobile terminal's work area, such as antivirus software and firewalls, can be pushed to every user group and installed in the work area of the corresponding users' mobile terminals.
After users are divided into user groups, to facilitate pushing and installing applications, the server stores the identification information of the mobile terminal of each user in each user group. The identification information is configured to identify a mobile terminal, so that mobile terminals can be distinguished by it. The identification information thus determines which mobile terminals the information of each application in the application list is pushed to.
To reduce the effort and time each user in a BYOD scenario spends downloading applications in the work area, in the embodiments of this application the server can determine, for each user group and according to the applications that group needs to use, the list of applications to be pushed for that group; the list contains the information of at least one application.
For each user group the server maintains a list of applications to be pushed. The list includes the name and version number of each application to be pushed to every enterprise management client in the user group, and may of course also include other information about the application, such as upload time, installation package size and number of installations.
S202: For the mobile terminal of each user in the user group, detect whether the enterprise management client on the mobile terminal is logged in. If so, proceed to step S203; otherwise, perform step S202 again.
There are many ways to detect whether the enterprise management client on a mobile terminal is logged in. For example, each time it logs in, the enterprise management client sends login information to the server so that the server can deliver the latest policy to it, so the server can detect login by whether it has received the client's login information. Alternatively, the server sends a query request to the enterprise management client and detects login by whether the client replies. There are other detection methods as well, which are not described in detail here; those skilled in the art can determine a suitable detection method from the description of the embodiments of this application.
S203: Provide the information of each application in the user group's list of applications to be pushed to the enterprise management client, so that the enterprise management client installs each of those applications in the work area.
The list of applications to be pushed contains the information of at least one application. The information of an application may be its identification information, such as the application's name or the application's code. The information may also include one or more of the application's version number information and its download address information.
When providing application information to the enterprise management client, the server can carry it in control signaling. When the application list contains the information of two or more applications, the server can either include the information of all the applications in a single control signaling message and provide it to the client together, or let each control signaling message contain the information of one application and provide each application's information separately. Once the application information has been provided, the enterprise management client can download and install the corresponding applications in the work area according to the information provided by the server.
Because in the embodiments of this application the server sets a list of applications to be pushed for each user group, the information of the applications the group needs can be placed in that list and provided to the group. This avoids the loss of work efficiency caused by users who are unclear about their own work not downloading an application or downloading the wrong one, reduces the effort each user in the group spends searching for and downloading the applications in the list, saves users' time and improves their work efficiency.
The information of each application in the list of applications to be pushed may be set by the administrator: when setting the list for each user group, the administrator enters each application's name, version number and download address information into the list for later pushing to the corresponding users. The information may also be extracted by the server from the application store according to corresponding rules. In that case the installation packages uploaded to the server are stored in the application store, which maintains the names and version numbers of all applications whose installation packages have been uploaded to the server, and may of course also include other information such as upload time, installation package size and number of installations. The enterprise administrator can set the name and version number of each application in the server's list of applications to be pushed. Based on that information, the server looks up the installation package of the application with that name and version number in the application store and adds the download address information of the installation package to the application list.
For each user group the server maintains the list of applications to be pushed corresponding to that group; the list stores each application's identification information, version number information, download address information and so on. Specifically, when user groups are divided by the users' functional departments, the list of applications to be pushed set for every user group includes applications that monitor security, such as antivirus software and security guard software.
As another example, the list of applications to be pushed set for the R&D department's user group stores the name, version number and download address information of each programming tool; the list set for the finance department's user group stores the name, version number and download address information of each financial software package; the list set for the administration department's user group stores those of each office software package; and the list set for the marketing department's user group stores those of each instant messaging tool.
After the server has determined the list of applications to be pushed for each user group, in order to ensure that the applications pushed to each user's enterprise management server are not duplicated and to reduce the server's workload of repeatedly pushing the same application, the embodiments of this application further include:
The server saves the information of an application, according to the application information provided to the mobile terminal, into the list of already-pushed applications stored for that mobile terminal.
Before the information of each application in the user group's list of applications to be pushed is provided to the enterprise management client, the method further includes:
The server determines, according to the list of already-pushed applications stored for the mobile terminal, whether the information of the application has already been pushed to the mobile terminal;
When it is determined that the information of the application has not been pushed to the mobile terminal, the subsequent providing step is performed.
To reduce the server's workload of repeatedly pushing the same application, the server stores locally, for each mobile terminal, a list of already-pushed applications, which holds the information of the applications already pushed to that mobile terminal. The information of an application may be its identification information, and also includes the application's version number information.
The server can carry the information of the application in control signaling and send the control signaling to the enterprise management client. To make it easy for the enterprise management client to install the application, the application information carried in the control signaling can include the application's download address information. Specifically, when the server obtains the download address information: if the application list contains the application's download address information, the server takes it directly from the application list; if the application list does not contain it, the server obtains the download address information of the application from the information of each application provided by its own application market.
The installation package stored at each download address has undergone virus detection, hardening and encryption. In general, an application's installation package is uploaded to the server by a third party. To ensure the security and reliability of the applications used on mobile terminals, the server performs virus detection, hardening and encryption on an installation package before saving it. All uploaded installation packages are protected by virus detection and hardening, which prevents threats such as malicious tampering, code injection, memory modification, data theft and decompilation, and thereby ensures the security of the work area in the enterprise management client.
For example, the information of the application includes the application's identification information, version number information and download address information, and the list of applications to be pushed contains at least one application. Based on the above description, FIG. 3 is a diagram of the application installation process provided by Embodiment 1 of this application. The process includes the following steps:
S301: The server determines, according to the list of applications to be pushed that is set for each user group, the mobile terminal of each user in that user group.
The application list contains the information of at least one application.
S302: According to the list of already-pushed applications stored for each mobile terminal, determine whether the download address information of the application corresponding to the identification information has been provided to the mobile terminal. If so, proceed to step S303; otherwise, proceed to step S305.
S303: Determine whether the version number information of the application already pushed to the mobile terminal matches the version number information of the application. If so, proceed to step S304; otherwise, proceed to step S305.
S304: Do not push the information of the application to the enterprise management client on the mobile terminal.
S305: For the mobile terminal of each user in the user group, detect whether the enterprise management client on the mobile terminal is logged in. If so, proceed to step S306; otherwise, perform step S305 again.
S306: Carry the application's download address information in control signaling and provide it to the enterprise management client on the mobile terminal.
When obtaining the application's download address information, the server obtains it from the information of each application provided by its own application market.
S307: Add the information of the application to the list of already-pushed applications stored for the mobile terminal.
The above description takes as its example an application list in which the information of each application consists of the application's identification information and version number information. When the application list contains only the application's identification information, only the determination of S302 needs to be made: if the result is yes, proceed to step S304; otherwise, proceed to step S305. When the information of the application in the list consists of identification information, version number information and download address information, in step S306 the server carries the application's download address information from the application list in the control signaling and provides it to the enterprise management client on the mobile terminal.
When the application list contains more information about an application, for example both the identification information and the version number information, the probability of pushing an application repeatedly is reduced. When the list contains less information, for example only the identification information, the server can push applications to the enterprise management client more efficiently.
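The decision flow of steps S301 to S307, including the identification-only variant, modelled as an added Python example; it is not code from the patent or the applicant. The class and field names, the example.invalid addresses, and the choice to treat the S305 wait as skipping a terminal that is not logged in until the next pass are assumptions.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


@dataclass(frozen=True)
class AppInfo:
    app_id: str                         # identification information (name or code)
    version: Optional[str] = None       # version number information, if the list carries it
    download_url: Optional[str] = None  # download address information, if the list carries it


class PushServer:
    """Hypothetical model of the server side of steps S301-S307."""

    def __init__(self, app_market: Dict[Tuple[str, Optional[str]], str]):
        self.app_market = app_market                      # (app_id, version) -> download address
        self.group_terminals: Dict[str, List[str]] = {}   # user group -> terminal identification info
        self.to_push: Dict[str, List[AppInfo]] = {}       # user group -> applications to be pushed
        self.pushed: Dict[str, Dict[str, Optional[str]]] = {}  # terminal -> {app_id: version pushed}
        self.logged_in: Set[str] = set()                  # terminals whose client is logged in

    def needs_push(self, terminal: str, app: AppInfo) -> bool:
        sent = self.pushed.get(terminal, {})
        if app.app_id not in sent:       # S302: never pushed, continue to S305
            return True
        if app.version is None:          # list holds identification info only: S302 decides
            return False                 # S304
        return sent[app.app_id] != app.version  # S303: same version -> S304, else S305

    def download_address(self, app: AppInfo) -> Optional[str]:
        # Prefer the address stored in the list; otherwise ask the application market.
        if app.download_url is not None:
            return app.download_url
        return self.app_market.get((app.app_id, app.version))

    def push_pass(self, group: str) -> List[dict]:
        """One pass over a user group; returns the control signaling that was sent."""
        signals = []
        for terminal in self.group_terminals.get(group, []):   # S301
            for app in self.to_push.get(group, []):
                if not self.needs_push(terminal, app):          # S302-S304
                    continue
                if terminal not in self.logged_in:              # S305: retried on the next pass
                    continue
                url = self.download_address(app)
                if url is None:                                 # no package known for this entry
                    continue
                signals.append({"terminal": terminal, "app_id": app.app_id,
                                "version": app.version, "download_url": url})  # S306
                self.pushed.setdefault(terminal, {})[app.app_id] = app.version  # S307
        return signals


def run_demo():
    # Constructed sample data: one user group, two terminals, two applications.
    base = "https://apps.example.invalid/"
    market = {("antivirus", "5.3"): base + "antivirus-5.3.apk",
              ("finance-suite", "2.0"): base + "finance-suite-2.0.apk",
              ("finance-suite", "2.1"): base + "finance-suite-2.1.apk"}
    server = PushServer(market)
    server.group_terminals["finance"] = ["term-A", "term-B"]
    server.to_push["finance"] = [AppInfo("antivirus", "5.3"), AppInfo("finance-suite", "2.0")]

    server.logged_in.add("term-A")
    first = server.push_pass("finance")    # only term-A is logged in
    second = server.push_pass("finance")   # nothing new for term-A, term-B still offline
    server.logged_in.add("term-B")
    third = server.push_pass("finance")    # term-B catches up
    server.to_push["finance"][1] = AppInfo("finance-suite", "2.1")
    fourth = server.push_pass("finance")   # version changed: pushed again to both terminals
    return first, second, third, fourth


if __name__ == "__main__":
    for number, batch in enumerate(run_demo(), start=1):
        print(number, [(s["terminal"], s["app_id"], s["version"]) for s in batch])
```

Because S303 compares version numbers only for equality, any change of the version in the list, in either direction, leads to a new push.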
To further reduce the effort enterprise users spend downloading applications and improve their work efficiency, in the embodiments of this application the enterprise management client installing each application in the work area includes:
The enterprise management client downloads the installation package of the application from the corresponding address according to the download address information carried in the received control signaling, and installs the installation package in the work area using the extracted superuser (root) privilege; or,
The enterprise management client downloads the installation package of the application from the corresponding address according to the download address information carried in the received control signaling, presents the user with a prompt asking whether to install the installation package, and, after receiving the user's confirmation to install it, installs the installation package in the work area.
Installation of the package by the enterprise management client is described here taking an implementation on the Android system as an example. The enterprise management client first extracts root privilege through a piece of root code and uses the root privilege to start a Service that has root privilege. After the Service with root privilege has started, it reserves a local socket interface for callers. The enterprise management client calls this socket interface so that the Service with root privilege hooks a core process of the Android system, System Service. The Service with root privilege can then monitor the IOCTL (input/output control) function related to Binder (the inter-process communication mechanism in Android). If it observes content related to the Package Manager (the Android service that manages installation packages), that is, the Package Manager needs to be started, the application's installation package is installed in the work area.
When the enterprise management client does not have root privilege, after downloading the installation package of the corresponding application into the work area according to the download address information in the control signaling, it presents the user with a prompt asking whether to install the package and proceeds according to the user's instruction: on receiving the user's confirmation to install the package, it installs the package in the work area; on receiving the user's indication not to install the package, the installation process for that application ends.
Root privilege can access and modify almost all files on the user's mobile terminal (Android system files and user files, excluding ROM). Root is the only super administrator in the system and has privileges equivalent to the operating system's. When the mobile terminal has root privilege, the downloaded installation package can be installed directly.
To determine whether the mobile terminal has root privilege, the enterprise management client can check common directories of the mobile terminal for a root privilege marker file. For example, for a mobile terminal running Android, the client can check directories such as /system/bin, /system/sbin and /system/xbin for an SU file; if an SU file is found, the mobile terminal is determined to have root privilege, otherwise it is determined not to have root privilege. For a mobile terminal running iOS, the client can check the /Applications directory for files that normally cannot be accessed; if such a file is found, the mobile terminal is determined to have root privilege, otherwise it is determined not to have root privilege.
FIG. 4 is a diagram of an application installation process provided by Embodiment 2 of this application. The process includes the following steps:
S401: The server determines, according to the list of applications to be pushed that is set for each user group, the mobile terminal of each user in that user group.
其中,该应用程序列表中包含至少一个应用程序的信息。Wherein, the application list contains information of at least one application.
S402:根据针对每个移动终端保存的已经推送的应用程序程序列表,判断是否向该移动终端提供过该标识信息对应应用程序的下载地址信息,当判断结果为是时,进行步骤S403,否则,进行步骤S405。S402: Determine, according to the list of the application programs that have been pushed for each mobile terminal, whether the download address information of the application corresponding to the identification information is provided to the mobile terminal, and if the determination result is yes, proceed to step S403; otherwise, Go to step S405.
S403:判断向该移动终端已经推送的应用程序的版本号信息是否与该应用程序的版本号信息一致,当判断结果为是时,进行步骤S404,否则,进行步骤S405。S403: Determine whether the version number information of the application that has been pushed to the mobile terminal is consistent with the version number information of the application. If the determination result is yes, proceed to step S404; otherwise, proceed to step S405.
S404:不向该移动终端上的企业管理客户端推送该应用程序的信息。S404: The information of the application is not pushed to the enterprise management client on the mobile terminal.
S405:针对该用户组中每个用户的移动终端,检测该移动终端上的企业管理客户端是否登录,当检测结果为是时进行步骤S406,否则,进行步骤S405。S405: Detect whether the enterprise management client on the mobile terminal logs in for the mobile terminal of each user in the user group, and if the detection result is yes, proceed to step S406; otherwise, proceed to step S405.
S406:将该应用程序的下载地址信息携带在控制信令中,提供给该移动终端上的企业管理客户端。S406: The download address information of the application is carried in the control signaling, and is provided to the enterprise management client on the mobile terminal.
S407:企业管理客户端获取接收到的控制信令中携带的应用程序的下载地址信息,然后到相应的地址下载该应用程序的安装包。S407: The enterprise management client obtains the download address information of the application carried in the received control signaling, and then downloads the installation package of the application to the corresponding address.
S408:企业管理客户端使用提取的超级用户root权限,在所述工作区安装所述应用程序的安装包。S408: The enterprise management client uses the extracted super user root authority to install the installation package of the application in the work area.
企业管理客户端安装了对应的应用程序安装包后,可以在工作区的桌面上看到该应用的图标和名称,点击该应用的图标即可使用。After the enterprise management client installs the corresponding application installation package, you can see the icon and name of the application on the desktop of the workspace, and click the icon of the application to use it.
或者,企业管理客户端向用户提供是否安装所述应用程序的安装包的提示信息,在接收到用户安装所述安装包的确认信息后,在所述工作区安装所述应用程序的安装包;在接收到用户不安装该安装包的信息时,该应用程序的安装过程结束。 Alternatively, the enterprise management client provides the user with prompt information for installing the installation package of the application, and after receiving the confirmation information that the user installs the installation package, installing the installation package of the application in the work area; When the user receives the information that the installation package is not installed, the installation process of the application ends.
由于在本申请实施例中服务器针对每个用户组设置了其对应的待推送的应用程序列表,可以将该用户组所需的应用程序的信息包含在该应用程序列表中,并向该用户组提供,从而可以避免用户对自身工作了解不清楚,没有下载或下载错误应用程序影响工作效率的问题,并且减少了该用户组中每个用户搜索并下载该应用程序列表中相应应用程序的工作量,节省了用户的时间,提高了其工作效率。Since the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application, the information of the application required by the user group may be included in the application list, and the user group is Provided to avoid the user's unclear understanding of their work, no problem of downloading or downloading the wrong application affects productivity, and reducing the workload of each user in the user group searching and downloading the corresponding application in the application list , saving users' time and improving their work efficiency.
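The server-side decision in steps S401 to S406, written out as an added example (not code from the patent or from any product). The class, field and message names and the sample data are assumptions, and the wait at S405 is modelled as a deferred push that is re-evaluated when the client logs in.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class AppInfo:
    app_id: str        # identification information of the application
    version: str       # version number information
    download_url: str  # download address information


@dataclass
class PushServer:
    group_members: dict    # user group -> list of device ids
    group_app_lists: dict  # user group -> list of AppInfo to be pushed
    pushed: dict = field(default_factory=dict)     # device -> {app_id: version}
    logged_in: set = field(default_factory=set)    # devices whose client is logged in
    waiting: set = field(default_factory=set)      # devices with a deferred push

    def needs_push(self, device, app):
        sent = self.pushed.get(device, {})
        if app.app_id not in sent:
            return True                           # S402: never offered before
        return sent[app.app_id] != app.version    # S403: re-push on version change

    def push_group(self, group):
        """S401: walk every device of the group; return the control messages sent."""
        signals = []
        for device in self.group_members[group]:
            signals += self._push_list(device, self.group_app_lists[group])
        return signals

    def on_login(self, device):
        """Client logged in: re-evaluate the current lists of all its groups."""
        self.logged_in.add(device)
        self.waiting.discard(device)
        signals = []
        for group, members in self.group_members.items():
            if device in members:
                signals += self._push_list(device, self.group_app_lists[group])
        return signals

    def _push_list(self, device, apps):
        signals = []
        for app in apps:
            if not self.needs_push(device, app):
                continue                          # S404: same version already pushed
            if device not in self.logged_in:
                self.waiting.add(device)          # S405: client not logged in yet
                continue
            # S406: carry the download address in the control message, then
            # record it in the already-pushed list kept for this device.
            self.pushed.setdefault(device, {})[app.app_id] = app.version
            signals.append({
                "device": device,
                "app_id": app.app_id,
                "version": app.version,
                "download_url": app.download_url,
            })
        return signals


def build_demo_server():
    """Constructed sample data: one group, two devices, one of them logged in."""
    apps = [
        AppInfo("crm", "1.0", "https://apps.example.invalid/crm-1.0.apk"),
        AppInfo("mail", "2.3", "https://apps.example.invalid/mail-2.3.apk"),
    ]
    return PushServer(
        group_members={"sales": ["dev-a", "dev-b"]},
        group_app_lists={"sales": apps},
        logged_in={"dev-a"},
    )


if __name__ == "__main__":
    server = build_demo_server()
    for message in server.push_group("sales"):
        print(message)
    print("waiting for login:", sorted(server.waiting))
```

Because the deferred push is recomputed from the group's current list at login, a device that was offline during a version change receives only the newer entry.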
FIG. 5 is a structural diagram of an application installation control system according to an embodiment of the present application. The system includes a server 51 and an enterprise management client 52 on at least one mobile terminal:
The server 51 is configured to determine, according to the list of applications to be pushed that is set for each user group, the mobile terminal of each user in the user group; to detect, for the mobile terminal of each user in the user group, whether the enterprise management client 52 on the mobile terminal is logged in; and, when it detects that the enterprise management client 52 on the mobile terminal is logged in, to provide the information of each application in the user group's list of applications to be pushed to the enterprise management client 52;
The at least one enterprise management client 52 is configured to receive the information of each application in the application list sent by the server, and to install the applications in the work area.
The server 51 is further configured to save, according to the information of the application provided to the mobile terminal, the information of that application in the list of already-pushed applications saved for the mobile terminal.
The server 51 is further configured to determine, according to the list of already-pushed applications saved for the mobile terminal, whether the information of the application has been pushed to the mobile terminal, and to perform the subsequent providing step when it determines that the information of the application has not been pushed to the mobile terminal.
The server 51 is specifically configured to obtain, for each application, the download address information of that application contained in the list of applications to be pushed, and to carry the download address information in control signaling provided to the enterprise management client.
The at least one enterprise management client 52 is specifically configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and to install the installation package of the application using the obtained superuser (root) privileges.
The at least one enterprise management client 52 is specifically configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, to prompt the user as to whether to install the installation package of the application, and to install the installation package after receiving the user's confirmation to install it.
The server 51 is further configured to perform virus detection, hardening and encryption on the installation package corresponding to each application included in the application list.
FIG. 6 is a structural diagram of an enterprise management client according to an embodiment of the present application, including:
a receiving module 61, configured to receive the information of each application in the list of applications to be pushed provided by the server;
an installation module 62, configured to install the applications in the work area.
The installation module 62 is specifically configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and to install the installation package of the application in the work area using the obtained superuser (root) privileges.
The installation module 62 is specifically configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, to prompt the user as to whether to install the installation package of the application, and to install the installation package in the work area after receiving the user's confirmation to install it.
The embodiments of the present application provide a method, system and device for installing applications. In the method, for the mobile terminal corresponding to each user group, the server provides the list of applications to be pushed to the enterprise management client on the mobile terminal when it detects that the client has logged in, so that the enterprise management client installs each application in the list in the work area. In the embodiments of the present application, the server sets a corresponding list of applications to be pushed for each user group, so the information of the applications required by that user group can be included in the list and provided to the group. This avoids the problem of users who are unclear about their own work failing to download an application, or downloading the wrong one, and thereby harming work efficiency. It also reduces the effort each user in the group spends searching for and downloading the applications in the list, saving the users' time and improving their work efficiency.
It should be noted that the devices in the embodiments of the present application may include various devices such as computer devices and mobile devices. The mobile device may be any of various mobile devices such as a game console, a laptop computer, a portable media player, a slate computer, a tablet computer, a PDA, a mobile computer or a mobile phone; the embodiments of the present application place no limitation on this.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the present application is not directed to any particular programming language. It should be understood that the content of the present application described herein may be implemented in a variety of programming languages, and that the above description of a specific language is given to disclose the best mode of the present application.
Numerous specific details are set forth in the description provided herein. However, it is understood that the embodiments of the present application may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, in order to streamline the present disclosure and aid understanding of one or more of the various inventive aspects, features of the present application are sometimes grouped together into a single embodiment, figure, or description thereof in the above description of exemplary embodiments. However, the disclosed method should not be interpreted as reflecting an intention that the claimed application requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single previously disclosed embodiment. Therefore, the claims following the detailed description are hereby expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the present application.
Those skilled in the art will understand that the modules in the device of an embodiment may be adaptively changed and placed in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
In addition, those skilled in the art will understand that, although some embodiments described herein include certain features included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the present application and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
It should be noted that the above embodiments illustrate rather than limit the present application, and that those skilled in the art can devise alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The present application can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not indicate any order; these words can be interpreted as names.
Obviously, those skilled in the art can make various modifications and variations to the present application without departing from its spirit and scope. Thus, if these modifications and variations fall within the scope of the claims of the present application and their equivalents, the present application is also intended to cover them. The various component embodiments of the present application can be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the application installation control system according to the embodiments of the present application. The present application can also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present application may be stored on a computer-readable medium, or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
For example, FIG. 7 shows a server that can implement the application installation control method according to the present application. The server conventionally includes a processor 710 and a computer program product or computer-readable medium in the form of a memory 720. The memory 720 may be an electronic memory such as a flash memory, an EEPROM (electrically erasable programmable read-only memory), an EPROM, a hard disk or a ROM. The memory 420 has a storage space 730 for program code 731 for performing any of the method steps described above. For example, the storage space 730 for program code may include individual program codes 431 for implementing the various steps of the above methods. These program codes can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact discs (CDs), memory cards or floppy disks. Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG. 8. The storage unit may have storage segments, storage space and the like arranged similarly to the memory 720 in the server of FIG. 7. The program code may, for example, be compressed in an appropriate form. Typically, the storage unit includes computer-readable code 731', that is, code that can be read by a processor such as 710, which, when run by a server, causes the server to perform the steps of the methods described above.
References herein to "one embodiment", "an embodiment" or "one or more embodiments" mean that a particular feature, structure or characteristic described in connection with the embodiment is included in at least one embodiment of the present application. In addition, note that instances of the phrase "in one embodiment" herein do not necessarily all refer to the same embodiment.
In addition, it should be noted that the language used in this specification has been selected principally for readability and instructional purposes, rather than to explain or limit the subject matter of the present application. Therefore, many modifications and changes will be apparent to those of ordinary skill in the art without departing from the scope and spirit of the appended claims. As to the scope of the present application, the disclosure made herein is illustrative and not restrictive, and the scope of the present application is defined by the appended claims.

Claims (18)

  1. An installation control method for an application, characterized in that the method comprises:
    determining, by a server according to a list of applications to be pushed that is set for each user group, the mobile terminal of each user in the user group;
    detecting, for the mobile terminal of each user in the user group, whether the enterprise management client on the mobile terminal is logged in;
    when it is detected that the enterprise management client on the mobile terminal is logged in, providing the information of each application in the user group's list of applications to be pushed to the enterprise management client, so that the enterprise management client installs the applications in a work area.
  2. The method according to claim 1, characterized in that the method further comprises:
    saving, by the server according to the information of the application provided to the mobile terminal, the information of that application in a list of already-pushed applications saved for the mobile terminal.
  3. The method according to claim 2, characterized in that, before the information of each application in the user group's list of applications to be pushed is provided to the enterprise management client, the method further comprises:
    determining, by the server according to the list of already-pushed applications saved for the mobile terminal, whether the information of the application has been pushed to the mobile terminal;
    when it is determined that the information of the application has not been pushed to the mobile terminal, performing the subsequent providing step.
  4. The method according to claim 1, characterized in that the application list includes one or more of identification information of the application, version number information of the application, and download address information of the application.
  5. The method according to claim 4, characterized in that providing the information of each application in the user group's list of applications to be pushed to the enterprise management client comprises:
    obtaining, by the server for each application, the download address information of that application contained in the list of applications to be pushed;
    carrying the download address information in control signaling provided to the enterprise management client.
  6. The method according to any one of claims 1 to 5, characterized in that the enterprise management client installing the applications in the work area comprises:
    the enterprise management client downloading the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and installing the installation package of the application in the work area using the obtained superuser (root) privileges; or,
    the enterprise management client downloading the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, prompting the user as to whether to install the installation package of the application, and installing the installation package of the application in the work area after receiving the user's confirmation to install it.
  7. The method according to claim 1, characterized in that, before the server determines the identification information of the mobile terminal of each user in the user group, the method further comprises:
    performing, by the server, virus detection, hardening and encryption on the installation package corresponding to each application included in the application list.
  8. The method according to claim 1, characterized in that the application list contains information about at least one application.
  9. An installation control system for an application, characterized in that the system comprises a server and an enterprise management client on at least one mobile terminal:
    the server, configured to determine, according to a list of applications to be pushed that is set for each user group, the mobile terminal of each user in the user group; to detect, for the mobile terminal of each user in the user group, whether the enterprise management client on the mobile terminal is logged in; and, when it is detected that the enterprise management client on the mobile terminal is logged in, to provide the information of each application in the user group's list of applications to be pushed to the enterprise management client;
    the enterprise management client, configured to receive the information of each application in the application list sent by the server, and to install the applications in a work area.
  10. The system according to claim 9, characterized in that the server is further configured to save, according to the information of the application provided to the mobile terminal, the information of that application in a list of already-pushed applications saved for the mobile terminal.
  11. The system according to claim 10, characterized in that the server is further configured to determine, according to the list of already-pushed applications saved for the mobile terminal, whether the information of the application has been pushed to the mobile terminal, and to perform the subsequent providing step when it is determined that the information of the application has not been pushed to the mobile terminal.
  12. The system according to any one of claims 9 to 11, characterized in that the server is specifically configured to obtain, for each application, the download address information of that application contained in the list of applications to be pushed, and to carry the download address information in control signaling provided to the enterprise management client.
  13. The system according to claim 12, characterized in that the enterprise management client is specifically configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and to install the installation package of the application using the obtained superuser (root) privileges; or, to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, to prompt the user as to whether to install the installation package of the application, and to install the installation package of the application after receiving the user's confirmation to install it.
  14. The system according to claim 9, characterized in that the server is further configured to perform virus detection, hardening and encryption on the installation package corresponding to each application included in the application list.
  15. An enterprise management client, characterized by comprising:
    a receiving module, configured to receive the information of each application in the list of applications to be pushed provided by the server;
    an installation module, configured to install the applications in a work area.
  16. The enterprise management client according to claim 15, characterized in that the installation module is specifically configured to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, and to install the installation package of the application in the work area using the obtained superuser (root) privileges; or, to download the installation package of the application from the corresponding address according to the download address information of the application carried in the received control signaling, to prompt the user as to whether to install the installation package of the application, and to install the installation package of the application in the work area after receiving the user's confirmation to install it.
  17. A program comprising readable code which, when run on a server, causes the server to perform the installation control method for an application according to any one of claims 1-8.
  18. A readable medium in which the program according to claim 17 is stored.
PCT/CN2014/094653 2013-12-23 2014-12-23 Installation control method, system and device for application program WO2015096695A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310717720.5A CN103677935A (en) 2013-12-23 2013-12-23 Installation and control method, system and device for application programs
CN201310717720.5 2013-12-23

Publications (1)

Publication Number Publication Date
WO2015096695A1 true WO2015096695A1 (en) 2015-07-02

Family

ID=50315592

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/094653 WO2015096695A1 (en) 2013-12-23 2014-12-23 Installation control method, system and device for application program

Country Status (2)

Country Link
CN (1) CN103677935A (en)
WO (1) WO2015096695A1 (en)

Families Citing this family (26)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103677935A (en) * 2013-12-23 2014-03-26 北京奇虎科技有限公司 Installation and control method, system and device for application programs
CN104104677B (en) * 2014-07-11 2017-07-28 北京奇虎科技有限公司 Application program forecasting methods, client and electronic equipment
CN104899069A (en) * 2015-07-01 2015-09-09 王小安 Application software management system
CN105046138A (en) * 2015-07-13 2015-11-11 山东超越数控电子有限公司 FT-processor based trust management system and method
CN105045625B (en) * 2015-07-17 2018-07-31 上海斐讯数据通信技术有限公司 Root authority management-control method under a kind of Android platform
CN106909401B (en) * 2015-12-22 2021-05-25 北京奇虎科技有限公司 Application program control method and device
CN105912353B (en) * 2015-12-23 2019-12-27 北京奇虎科技有限公司 Application program packaging method and device
CN105653975B (en) * 2015-12-24 2019-06-07 北京奇虎科技有限公司 APP progress control method and device
CN107770148B (en) * 2017-03-03 2020-09-29 平安医疗健康管理股份有限公司 Software deployment method and device
CN109408068A (en) * 2017-08-30 2019-03-01 深圳互联先锋科技有限公司 A kind of software installation method and system
CN108681662B (en) * 2018-05-17 2022-04-29 创新先进技术有限公司 Method and device for installing program
CN110264321A (en) * 2019-06-27 2019-09-20 中国石油集团东方地球物理勘探有限责任公司 A kind of order generation method, device, electronic equipment and storage medium
CN111309345A (en) * 2020-02-21 2020-06-19 广州欢网科技有限责任公司 Application store regional management and control method, device and system
CN111737368B (en) 2020-07-24 2020-12-18 支付宝(杭州)信息技术有限公司 Data processing method, device, equipment and medium
CN113657960A (en) 2020-08-28 2021-11-16 支付宝(杭州)信息技术有限公司 Matching method, device and equipment based on trusted asset data
CN111741036B (en) 2020-08-28 2020-12-18 支付宝(杭州)信息技术有限公司 Trusted data transmission method, device and equipment
CN111814172A (en) 2020-08-28 2020-10-23 支付宝(杭州)信息技术有限公司 Method, device and equipment for acquiring data authorization information
CN111818094B (en) * 2020-08-28 2021-01-05 支付宝(杭州)信息技术有限公司 Identity registration method, device and equipment
CN115033919A (en) 2020-09-04 2022-09-09 支付宝(杭州)信息技术有限公司 Data acquisition method, device and equipment based on trusted equipment
CN111814195B (en) 2020-09-04 2021-05-25 支付宝(杭州)信息技术有限公司 Data management method, device and equipment based on trusted hardware
CN111814196B (en) 2020-09-04 2021-01-05 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN111931238B (en) 2020-09-15 2021-05-04 支付宝(杭州)信息技术有限公司 Block chain-based data asset transfer method, device and equipment
CN111930846B (en) 2020-09-15 2021-02-23 支付宝(杭州)信息技术有限公司 Data processing method, device and equipment
CN111932426B (en) 2020-09-15 2021-01-26 支付宝(杭州)信息技术有限公司 Identity management method, device and equipment based on trusted hardware
CN114528114B (en) * 2020-11-09 2023-09-19 成都鼎桥通信技术有限公司 Data processing method, device and equipment
CN113536243B (en) * 2021-07-09 2022-03-25 益世信息技术(杭州)有限公司 Enterprise internal software use management system based on authority analysis

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111749A (en) * 2011-02-18 2011-06-29 宇龙计算机通信科技(深圳)有限公司 Method for pushing customization application, server and mobile terminal
CN102946599A (en) * 2012-11-08 2013-02-27 惠州Tcl移动通信有限公司 Method for downloading application programs of mobile terminal and mobile terminal
CN103366001A (en) * 2013-07-17 2013-10-23 北京网秦天下科技有限公司 Application program pushing method, server and system for enterprise users
CN103402195A (en) * 2013-07-29 2013-11-20 广州供电局有限公司 Application processing method of enterprise-level mobile terminal and enterprise-level mobile application platform
CN103677935A (en) * 2013-12-23 2014-03-26 北京奇虎科技有限公司 Installation and control method, system and device for application programs

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101959179B (en) * 2009-07-17 2014-08-20 华为技术有限公司 Method for providing mobile terminal application program, and server and mobile terminal
CN101848230A (en) * 2010-01-27 2010-09-29 宇龙计算机通信科技(深圳)有限公司 Method for pushing application program and application program server
CN102591942B (en) * 2011-12-27 2013-11-13 奇智软件(北京)有限公司 Method and device for automatic application recommendation
CN102567511B (en) * 2011-12-27 2013-10-02 奇智软件(北京)有限公司 Method and device for automatically recommending application
US9058495B2 (en) * 2013-05-16 2015-06-16 Airwatch Llc Rights management services integration with mobile device management

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115454827A (en) * 2022-08-23 2022-12-09 中科方德软件有限公司 Compatibility detection method, system, device and medium
CN115454827B (en) * 2022-08-23 2023-08-11 中科方德软件有限公司 Compatibility detection method, system, equipment and medium
CN116400935A (en) * 2023-06-09 2023-07-07 贵州爱信诺航天信息有限公司 Cross-platform deployment system and method based on domestic platform
CN116400935B (en) * 2023-06-09 2023-08-18 贵州爱信诺航天信息有限公司 Application installation system and method

Also Published As

Publication number Publication date
CN103677935A (en) 2014-03-26

Similar Documents

Publication Publication Date Title
WO2015096695A1 (en) Installation control method, system and device for application program
US10257207B2 (en) Managed clone applications
US11237817B2 (en) Operating system update management for enrolled devices
EP3404948B1 (en) Centralized selective application approval for mobile devices
US8839354B2 (en) Mobile enterprise server and client device interaction
US10354068B2 (en) Anonymized application scanning for mobile devices
US9177145B2 (en) Modified file tracking on virtual machines
US9152784B2 (en) Detection and prevention of installation of malicious mobile applications
US8850549B2 (en) Methods and systems for controlling access to resources and privileges per process
US9426179B2 (en) Protecting sensitive information from a secure data store
EP2852913B1 (en) Method and apparatus for determining malicious program
US9100440B1 (en) Systems and methods for applying data loss prevention policies to closed-storage portable devices
US10505983B2 (en) Enforcing enterprise requirements for devices registered with a registration service
US9917862B2 (en) Integrated application scanning and mobile enterprise computing management system
US20200092332A1 (en) Enabling webapp security through containerization
US20140281499A1 (en) Method and system for enabling communications between unrelated applications
US9219728B1 (en) Systems and methods for protecting services
JP2016189201A (en) Inoculator and antibody for computer security
US10169584B1 (en) Systems and methods for identifying non-malicious files on computing devices within organizations
CN105791221B (en) Rule issuing method and device
US20130263278A1 (en) Method and apparatus for controlling operations performed by a mobile co
US11882123B2 (en) Kernel level application data protection
US11671422B1 (en) Systems and methods for securing authentication procedures
CN117932595A (en) Authority control method, authority control device, terminal equipment and computer readable storage medium

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 14873591; Country of ref document: EP; Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 EP: PCT application non-entry in European phase
Ref document number: 14873591; Country of ref document: EP; Kind code of ref document: A1