WO2015096695A1 - Procédé, système et dispositif de commande d'installation de programme d'application - Google Patents

Procédé, système et dispositif de commande d'installation de programme d'application Download PDF

Info

Publication number
WO2015096695A1
WO2015096695A1 PCT/CN2014/094653 CN2014094653W WO2015096695A1 WO 2015096695 A1 WO2015096695 A1 WO 2015096695A1 CN 2014094653 W CN2014094653 W CN 2014094653W WO 2015096695 A1 WO2015096695 A1 WO 2015096695A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
information
mobile terminal
user
server
Prior art date
Application number
PCT/CN2014/094653
Other languages
English (en)
Chinese (zh)
Inventor
王鹏程
李旋
王力
张瑞博
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司
Publication of WO2015096695A1 publication Critical patent/WO2015096695A1/fr

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W8/00Network data management
    • H04W8/18Processing of user or subscriber data, e.g. subscribed services, user preferences or user profiles; Transfer of user or subscriber data
    • H04W8/20Transfer of user or subscriber data
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/2866Architectures; Arrangements
    • H04L67/30Profiles
    • H04L67/306User profiles
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/34Network arrangements or protocols for supporting network services or applications involving the movement of software or configuration parameters 
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/55Push-based network services

Definitions

  • the present application relates to the field of information security technologies, and in particular, to an installation control method, system, and apparatus for an application.
  • BYOD Back Your Own Device
  • the enterprise application is set in the enterprise management client, and the enterprise application is The data is also saved in the Enterprise Management client.
  • the area where the personal application and data reside is called the personal area
  • the area where the enterprise application and data are located that is, the area created by the enterprise management client is called the work area.
  • each enterprise user downloads and installs the corresponding application in the above manner, and cannot guarantee the same application downloaded by each enterprise user.
  • the version is consistent, so there may be problems with late data incompatibility; in addition, each enterprise user has to search and download for each application, which will consume a lot of time for enterprise users, and whether the application can be downloaded after downloading
  • the compatibility of its own mobile terminal is also unknown, so this method wastes a lot of human resources, which is not conducive to improving the efficiency of the enterprise.
  • the present application has been made in order to provide an overcoming of the above problems or at least partially Or an installation control method, system, and apparatus for an application that alleviates the above problems.
  • An embodiment of the present application provides an installation control method for an application, where the method includes: determining, by the server, a mobile terminal of each user in the user group according to a list of applications to be pushed set for each user group; The mobile terminal of each user in the group detects whether the enterprise management client on the mobile terminal logs in; when detecting the enterprise management client login on the mobile terminal, the user group corresponding to the application list to be pushed The information of each application is provided to the enterprise management client, and the enterprise management client installs the applications in the work area.
  • An embodiment of the present application provides an application installation control system, where the system includes a server and an enterprise management client on at least one mobile terminal: a server configured to list a list of applications to be pushed according to each user group. Determining identification information of the mobile terminal of each user in the user group; detecting, for the mobile terminal of each user in the user group, whether the enterprise management client on the mobile terminal logs in; when detecting the enterprise management on the mobile terminal When the client logs in, the information of each application in the application list to be pushed corresponding to the user group is provided to the enterprise management client; and at least one enterprise management client is configured to receive the application list sent by the server. Information for each application and install the various applications described in the workspace.
  • An embodiment of the present application provides an enterprise management client, including: a receiving module, configured to receive information about each application in a list of applications to be pushed provided by a server; and an installation module configured to install the in the work area Each application.
  • An embodiment of the present application provides a method, a system, and a device for installing an application, where the server provides a mobile terminal corresponding to each user group to the enterprise management client on the mobile terminal when it logs in.
  • a list of pushed applications that enable the Enterprise Management client to install each application in the application list in the workspace. Since the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application, the information of the application required by the user group may be included in the application list, and the user group is Provided to avoid the user's unclear understanding of their work, no problem of downloading or downloading the wrong application affects productivity, and reducing the workload of each user in the user group searching and downloading the corresponding application in the application list , saving users' time and improving their work efficiency.
  • FIG. 1 is a schematic structural diagram of a system of an enterprise management system of a mobile terminal according to an embodiment of the present application
  • FIG. 2 is a schematic diagram of an installation process of an application according to an embodiment of the present application
  • FIG. 3 is a diagram showing an installation process of an application program according to Embodiment 1 of the present application.
  • FIG. 4 is a diagram showing an installation process of an application program according to Embodiment 2 of the present application.
  • FIG. 5 is a structural diagram of an installation control system of an application program according to an embodiment of the present application.
  • FIG. 6 is a structural diagram of an enterprise management client according to an embodiment of the present application.
  • FIG. 7 is a block diagram of a server for performing a method in accordance with the present application.
  • Figure 8 illustrates a storage unit for holding or carrying program code that implements the method according to the present application.
  • the embodiment of the present application provides an application installation method, system and device. .
  • the enterprise management system of the mobile terminal provided by the embodiment of the present application is a mobile terminal management platform for an enterprise, including a server deployed on the intranet of the enterprise and a client installed on the mobile terminal to be managed.
  • the server deployed on the intranet of the enterprise is referred to as a server
  • the client installed on the mobile terminal to be managed is referred to as an enterprise management client. among them:
  • the main functions of the server include: managing and delivering the application of the intranet, as well as managing and delivering security policies.
  • the server also provides a wealth of mobile terminal statistics and management tools.
  • the enterprise administrator can view each of the servers to be managed through the server.
  • Detailed information of the mobile terminal including: terminal model, system version, IMEI (International Mobile Equipment Identification Number), serial number, MSISDN (Mobile Subscriber International ISDN/PSTN Number) Number, commonly known as mobile number), whether it is offline, whether it is Root (super user), password replacement time, whether to install security software, power information, wireless network information, etc.
  • data leakage prevention includes data encryption, data isolation, etc.
  • encrypted data may be data related to system files; or user selected financial documents, production Data in documents, sales documents, market documents, human resources files, etc.; can also be data of user personal files, such as photos, videos, logs, etc.
  • a brief description of data encryption is performed by taking an implementation on an Android system as an example.
  • Data encryption is implemented by .so (dynamic link library) file, mainly injecting code into the application, so that the apk (Android Package, Android installation package) is initialized to call the .so file, to ensure the timing of the .so file is running. It is earlier than the time the file is read or written by the application. If it is late, the file will become "half encrypted", causing file corruption.
  • the .so file intercepts all file operations of the application and implements encryption.
  • the enterprise management system of the mobile terminal establishes a secure and independent working area on the mobile terminal based on the data leakage prevention mechanism of the enterprise management client, without affecting the feelings of the enterprise employees on the personal application.
  • Memory space, work area memory space refers to the memory space allocated to the enterprise management client, all enterprise applications and data are stored in the protected workspace.
  • the memory space outside the working area memory space in the memory space of the mobile terminal is called a personal area memory space (referred to as a personal area), and all personal applications and data are stored in the personal area, and the personal application cannot access the working area, that is, Unable to access corporate data to prevent corporate data from being illegally accessed and accessed by personal applications.
  • the enterprise management system of the mobile terminal provided by the embodiment of the present application not only completely isolates enterprise data and personal data, but also better protects enterprise applications and data, and provides an undifferentiated personal application experience for the enterprise employees, and achieves “one machine”. The dual use effect.
  • the Enterprise Management Server provides two application delivery methods: free installation and mandatory installation.
  • the application delivered by the free installation method is freely available for enterprise users to download and install; the application that is issued by the mandatory installation method needs to be installed by the enterprise user before the working area can be used normally.
  • the mandatory installation mode is generally adopted; for the personal application in the personal area, the free installation mode is generally adopted.
  • the application that is delivered in the free installation mode will be displayed in the application list of the enterprise application market in the workspace.
  • the client user can choose to download and install the application.
  • the application delivered by the mandatory installation mode needs to be installed by the client user. Use the workspace.
  • the application black and white list can provide a security management mechanism for the personal application in the personal area.
  • the name and version number of the application that is forbidden to be installed is listed in the application blacklist, and the name and version number of the application that is only allowed to be installed are listed in the application whitelist.
  • the settings for applying a blacklist or applying a whitelist are all configurable by the enterprise administrator.
  • the settings for the enterprise administrator to apply the blacklist or apply the whitelist include the following scenarios:
  • Scenario 2 prohibit the installation of applications that are exposed to security breaches or malicious behavior. For example, some specific applications, or applications whose security software detects malicious behavior, or vulnerable applications scanned by the vulnerability scanning function, can use the blacklist to prohibit security breaches or malicious attacks. The installation of the behavior of the application.
  • Scenario 3 The installation of certain file sharing applications, such as the installation of a network disk, is prohibited. Because the file sharing application causes the internal resources of the enterprise to be uploaded to the cloud, thereby destroying the privacy of the enterprise information, that is, The application of the file sharing application can be disabled by applying a blacklist.
  • enterprises can flexibly control the installation of applications in each user group by applying blacklists or applying whitelists according to the actual needs of the enterprise.
  • the enterprise application is generally an application that is forcibly issued by the enterprise and installed on the mobile terminal of the enterprise employee.
  • the enterprise application has high security and reliability, and the enterprise employee can use it with confidence; the embodiment of the present application is forced to be installed.
  • the application that provides an application's installation control method. Use enterprise mandatory installation for enterprise applications in the workspace. The specific implementation manner is described below to explain the delivery process of the enterprise application.
  • FIG. 2 is a schematic diagram of an installation process of an application according to an embodiment of the present application, where the process includes the following steps:
  • S201 The server determines, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group.
  • a dedicated space is set up in the server for storing the installation package of the application uploaded to the server.
  • the dedicated space is referred to as an enterprise application library.
  • the server maintains the name and version number of all applications that have uploaded the installation package to the server.
  • the application list may also include other information about the application, such as upload time, installation package size, and installation amount.
  • the application management list can be used to maintain related information of the application, so that the enterprise administrator can view and edit the application management list, and view statistics such as the installation amount of each application.
  • the installation package of the application is uploaded by the enterprise to the enterprise management server.
  • the enterprise management server installs the application before saving the installation package of the application.
  • the package performs virus detection and reinforcement processing.
  • Hardening the application's installation package prevents the application from being easily reversed to obtain the secret Key information such as the key system, while adding data encryption to the application, increasing the security factor.
  • the hardening of the application installation package is mainly to change the content of the application's class.dex file, perform some algorithmic encryption on the content, and then dynamically decrypt the content when the apk (Android Package, Android installation package) is running, restore the content.
  • modifying the class.dex file make sure it conforms to the native format of the dex file.
  • the installation packages of all uploaded applications are virus-detected and hardened to prevent malicious tampering, code injection, memory modification, data theft, decompilation and other threats.
  • Users can be divided into different user groups according to the similarity of the applications used between users.
  • Each user group contains at least one user.
  • users in the same functional department use similar applications.
  • users in the finance department use the same financial software
  • users in the R&D department use the same development software
  • users in the administrative department use the same Office software
  • users in the marketing department will use instant chat tools, such as Fetion, WeChat, QQ and so on. Therefore, when the user is divided into different user groups, the user can be divided according to the functional part of the user.
  • an application such as an anti-virus software or a firewall that monitors the security status of the work area of the mobile terminal can be pushed to each user group and installed in the work area of the corresponding user mobile terminal.
  • the server stores the identification information of the mobile terminal of each user included in each user group, where the identification information is configured as The mobile terminal performs identification, and the mobile terminal can be distinguished by the identification information. Thereby, it is possible to determine which mobile terminals to push information of each application in the application list to by the identification information.
  • the user group may be determined according to the application program that needs to be used for different user groups in the server.
  • step S202 Detect whether the enterprise management client on the mobile terminal logs in for the mobile terminal of each user in the user group, and if the detection result is yes, proceed to step S203; otherwise, proceed to step S202.
  • Detecting whether the enterprise management client on the mobile terminal is logged in includes many methods. For example, the enterprise management client sends the login information to the server every time the login is performed, so that the server delivers the latest policy to the enterprise management client, so the server can Whether to receive the login information of the enterprise management client for detection; Alternatively, the server sends an inquiry request to the enterprise management client to detect according to whether the enterprise management client responds.
  • the detection method also includes a plurality of types, which are not described in the embodiment of the present application. It is believed that those skilled in the art can determine the corresponding detection method according to the description of the embodiments of the present application.
  • S203 The information about each application in the application list to be pushed corresponding to the user group is provided to the enterprise management client, so that the enterprise management client installs the application in a work area.
  • the application list to be pushed includes information of at least one application, and the information of the application may be identification information of the application, such as the name of the application, or the code of the application, and the like.
  • the information of the application may also include one or more of the version number information of the application and the download address information of the application.
  • the information of the application can be carried in the control signaling.
  • the application list contains information of two or more applications
  • the information of each application may be included in one control signaling. It is also provided to the enterprise management client; or, a control signaling may include information of an application, and the information of each application is separately provided to the enterprise management client.
  • the enterprise management client can download and install the corresponding application in the work area according to the information of the application provided by the server.
  • the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application
  • the information of the application required by the user group may be included in the application list, and the user group is Provided to avoid the user's unclear understanding of their work, no problem of downloading or downloading the wrong application affects productivity, and reducing the workload of each user in the user group searching and downloading the corresponding application in the application list , saving users' time and improving their work efficiency.
  • the information of each application in the list of applications to be pushed may be set by the administrator, and the administrator will set the name and version of each application when setting the corresponding application list to be pushed for each user group.
  • the number and download address information are set in the application list for subsequent push to the corresponding user.
  • the information of each application in the list of applications to be pushed may also be extracted by the server in the application store according to the corresponding rules.
  • the installation package of the application uploaded to the server is saved in the application store, and the application store maintains the name and version number of all the applications that have uploaded the installation package to the server, and may of course include other information of the application, such as uploading. Time, installation package size, installation amount, etc.
  • the enterprise administrator can set the name and version number information of each application in the list of applications to be pushed by the server. Based on the information set, the server looks up the installation package of the application with the corresponding name and version number in the application store, and adds the download address information of the installation package of the application to the application list.
  • the server maintains a list of applications to be pushed corresponding to the user group for each user group, which should
  • the application list stores identification information, version number information, download address information, and the like of each application.
  • an application for monitoring security such as anti-virus software and security guards, is stored in the application list to be pushed for each user group in the server. Wait.
  • the application list to be pushed set by the user group corresponding to the R&D department stores the name, version number, and download address information of each programming software, and the list of applications to be pushed set for the user group corresponding to the finance department.
  • the name, version number, and download address information of each financial software are stored in the file, and the name, version number, and download address information of each office software are stored in the application list to be pushed for the user group corresponding to the administrative department.
  • the name of the instant chat tool, the version number, and the download address information are stored in the application list to be pushed set by the user group corresponding to the marketing department.
  • the server determines the application list to be pushed corresponding to each user group, in order to ensure that there is no duplication of the application pushed to each user's enterprise management server, the workload of repeatedly pushing the same application by the server is reduced, and the application is implemented.
  • the examples also include:
  • the server saves the information of the application to the list of applications that have been pushed for the mobile terminal according to the information of the application provided to the mobile terminal.
  • the method further includes:
  • the subsequent providing step is performed.
  • the server In order to reduce the workload of the server repeatedly pushing the same application, the server locally stores, for each mobile terminal, a list of applications that have been pushed, and an application that has been pushed to the mobile terminal is saved in the list of applications that have been pushed.
  • Information The information of the application may be identification information of the application, and the version number information of the application is also included in the information of the application.
  • the server may carry the information of the application in the control signaling, and send the control signaling to the enterprise management client.
  • the information of the application carried in the control signaling may include the download address information of the application.
  • the specific server obtains the download address information of the application
  • the server directly obtains the download address information from the application list, when the application list is not
  • the server obtains the download address information of the corresponding application according to the information of each application provided by the application market.
  • the installation package of the application saved in each download address information is subjected to virus detection, hardening processing, and Encrypted processing.
  • the installation package of the application is uploaded to the server by a third party.
  • the server performs virus on the installation package of the application before saving the installation package of the application. Detection, hardening, and encryption processing.
  • the installation packages of all uploaded applications are protected by virus detection and hardening, so as to prevent malicious tampering, code injection, memory modification, data theft, decompilation and other threats, so as to ensure the security of the workspace in the enterprise management client.
  • the information of the application includes: identification information of the application, version number information of the application, and download address information of the application. At least one application is included in the list of applications to be pushed.
  • FIG. 3 is a diagram of an installation process of an application program according to Embodiment 1 of the present application, and the process includes the following steps:
  • S301 The server determines, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group.
  • the application list contains information of at least one application.
  • step S302 Determine, according to the list of application programs that have been pushed for each mobile terminal, whether the download address information of the application corresponding to the identification information is provided to the mobile terminal, and if the determination result is yes, proceed to step S303; otherwise, Go to step S305.
  • step S303 Determine whether the version number information of the application that has been pushed to the mobile terminal is consistent with the version number information of the application. If the determination result is yes, proceed to step S304; otherwise, proceed to step S305.
  • S304 The information of the application is not pushed to the enterprise management client on the mobile terminal.
  • step S305 Detect whether the enterprise management client on the mobile terminal logs in to the mobile terminal of each user in the user group, and if the detection result is yes, proceed to step S306; otherwise, proceed to step S305.
  • S306 The download address information of the application is carried in the control signaling, and is provided to the enterprise management client on the mobile terminal.
  • the server obtains the download address information of the application
  • the server obtains the download address information of the application according to the information of each application provided by the application market.
  • the above is the identification information of the application included in the application list, and the version number information of the application is taken as an example.
  • the application list only contains the identification information of the application, the In the above determination, only the determination of the above S302 is required, and if the determination result is YES, the process proceeds to step S304, otherwise, the process proceeds to step S305.
  • the server lists the application in the application list. Download address information carried in control signaling Provided to the enterprise management client on the mobile terminal.
  • the application list contains more information about the application, such as the identification information of the application and the version number information of the application, which can reduce the probability of repeated push of the application, when the application included in the application list
  • the efficiency of the server pushing the application to the enterprise management client can be improved.
  • the enterprise management client installs the application in the work area, including:
  • the enterprise management client downloads the installation package of the application to the corresponding address according to the download address information of the application carried in the received control signaling, and uses the extracted super user root authority to install the workstation in the work area.
  • the installation package of the application or,
  • the enterprise management client downloads the installation package of the application to the corresponding address according to the download address information of the application carried in the received control signaling, and provides the user with a prompt to install the installation package of the application.
  • the information after receiving the confirmation information that the user installs the installation package, install the installation package of the application in the work area.
  • the enterprise management client uses the implementation on the Android system as an example when installing the installation package of the application.
  • the enterprise management client first extracts the root privilege through a root code, and uses the root privilege to start a service with the root privilege.
  • the local Socket (socket) interface is reserved for invocation.
  • the enterprise management client calls the Socket interface, so that the Service Hook with root authority is on a core process System Service of the Android system, so that the Service with Root permission can monitor the mechanism of communication with the Binder (process in the Android system).
  • related IOCTL input and output control
  • the enterprise management client downloads the installation package of the corresponding application to the working area according to the download address information in the control signaling, and provides the user with installation of the application.
  • the prompt information of the package and according to the received user's instruction, perform subsequent operations, and when receiving the confirmation information that the user installs the installation package, install the installation package of the application in the work area; the received user does not install the installation
  • the application's installation process ends.
  • Root privileges can access and modify almost all files in the user's mobile terminal (Android system files and user files, excluding ROM).
  • the root privilege is the only super administrator in the system and has the same privileges as the operating system.
  • the installation package of the downloaded application can be directly installed.
  • the enterprise management client can detect whether the root authority identification file exists in the common directory of the mobile terminal, thereby detecting whether the mobile terminal has root authority. For example, for the mobile terminal of the Android system, the enterprise management client can detect whether there is a SU file in a directory such as /system/bin/system/sbin/system/xbin, and when it detects that the SU file exists, it is determined that the mobile terminal has root authority.
  • the enterprise management client can detect whether there is a file that is usually not authorized to access in the /Applications directory, and when there is a file that is normally not authorized to access, It is determined that the mobile terminal has root authority; otherwise, it is determined that the mobile terminal does not have root authority.
  • FIG. 4 is a diagram of an installation process of an application program according to Embodiment 2 of the present application, where the process includes the following steps:
  • S401 The server determines, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group.
  • the application list contains information of at least one application.
  • step S402 Determine, according to the list of the application programs that have been pushed for each mobile terminal, whether the download address information of the application corresponding to the identification information is provided to the mobile terminal, and if the determination result is yes, proceed to step S403; otherwise, Go to step S405.
  • step S403 Determine whether the version number information of the application that has been pushed to the mobile terminal is consistent with the version number information of the application. If the determination result is yes, proceed to step S404; otherwise, proceed to step S405.
  • step S405 Detect whether the enterprise management client on the mobile terminal logs in for the mobile terminal of each user in the user group, and if the detection result is yes, proceed to step S406; otherwise, proceed to step S405.
  • S406 The download address information of the application is carried in the control signaling, and is provided to the enterprise management client on the mobile terminal.
  • the enterprise management client obtains the download address information of the application carried in the received control signaling, and then downloads the installation package of the application to the corresponding address.
  • S408 The enterprise management client uses the extracted super user root authority to install the installation package of the application in the work area.
  • the enterprise management client provides the user with prompt information for installing the installation package of the application, and after receiving the confirmation information that the user installs the installation package, installing the installation package of the application in the work area; When the user receives the information that the installation package is not installed, the installation process of the application ends.
  • the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application
  • the information of the application required by the user group may be included in the application list, and the user group is Provided to avoid the user's unclear understanding of their work, no problem of downloading or downloading the wrong application affects productivity, and reducing the workload of each user in the user group searching and downloading the corresponding application in the application list , saving users' time and improving their work efficiency.
  • FIG. 5 is a structural diagram of an installation control system of an application program according to an embodiment of the present application.
  • the system includes a server 51 and an enterprise management client 52 on at least one mobile terminal:
  • the server 51 is configured to determine, according to the application list to be pushed set for each user group, the mobile terminal of each user in the user group; and detect, for the mobile terminal of each user in the user group, the mobile terminal Whether the enterprise management client 52 logs in; when detecting that the enterprise management client 52 on the mobile terminal logs in, the information of each application in the application list to be pushed corresponding to the user group is provided to the enterprise management client. End 52;
  • At least one enterprise management client 52 is configured to receive information of each application in the application list sent by the server, and install the applications in the work area.
  • the server 51 is further configured to save the information of the application to the list of applications that have been pushed for the mobile terminal according to the information of the application provided to the mobile terminal.
  • the server 51 is further configured to determine, according to the list of applications that have been pushed for the mobile terminal, whether to push the information of the application to the mobile terminal; when it is determined that the application is not pushed to the mobile terminal When the information is available, follow-up steps are provided.
  • the server 51 is configured to acquire download address information of the application included in the application list to be pushed for each application, and the download address information is provided in the control signaling to be Enterprise management client.
  • the at least one enterprise management client 52 is configured to download the installation package of the application to the corresponding address according to the downloaded address information of the application carried in the received control signaling, and use the extracted super user root authority. Install the installation package for the application.
  • the at least one enterprise management client 52 is configured to download an installation package of the application to a corresponding address according to the downloaded address information of the application carried in the received control signaling, and provide the user with whether to install the The prompt information of the installation package of the application, after receiving the confirmation information that the user installs the installation package, installs the installation package of the application.
  • the server 51 is further configured to perform virus detection, reinforcement processing, and encryption processing on the installation package corresponding to each application included in the application list.
  • FIG. 6 is a structural diagram of an enterprise management client according to an embodiment of the present application, including:
  • the receiving module 61 is configured to receive information about each application in the application list to be pushed provided by the server;
  • the installation module 62 is configured to install the applications in the work area.
  • the installation module 62 is configured to download the installation package of the application to the corresponding address according to the downloaded address information of the application carried in the received control signaling, and use the extracted super user root permission to install in the work area.
  • the installation package for the application is configured to download the installation package of the application to the corresponding address according to the downloaded address information of the application carried in the received control signaling, and use the extracted super user root permission to install in the work area.
  • the installation module 62 is configured to download an installation package of the application to a corresponding address according to the downloaded address information of the application carried in the received control signaling, and provide the user with installation of the application.
  • the prompt information of the package after receiving the confirmation information that the user installs the installation package, installs the installation package of the application in the work area.
  • An embodiment of the present application provides a method, a system, and a device for installing an application, where the server provides a mobile terminal corresponding to each user group to the enterprise management client on the mobile terminal when it logs in.
  • a list of pushed applications that enable the Enterprise Management client to install each application in the application list in the workspace. Since the server sets the corresponding application list to be pushed for each user group in the embodiment of the present application, the information of the application required by the user group may be included in the application list, and the user group is Provided to avoid the user's unclear understanding of their work, no problem of downloading or downloading the wrong application affects productivity, and reducing the workload of each user in the user group searching and downloading the corresponding application in the application list , saving users' time and improving their work efficiency.
  • the device in the embodiment of the present application may include various devices such as a computer device and a mobile device.
  • the mobile device may be a variety of mobile devices, such as a game console, a laptop computer, a portable media player, a tablet computer, a tablet computer, a PDA, a mobile computer, and a mobile phone.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present application can be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of the installation control system of an application in accordance with embodiments of the present application. Some or all of the features.
  • the application can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • Such a program implementing the present application may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • FIG. 7 shows a server that can implement an installation control method of an application according to the present application.
  • the server conventionally includes a processor 710 and a computer program product or computer readable medium in the form of a memory 720.
  • Memory 720 can be an electronic memory such as a flash memory, EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk, or ROM.
  • Memory 420 has a memory space 730 for program code 731 for performing any of the method steps described above.
  • storage space 730 for program code may include various program code 431 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • Such computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such a computer program product is typically a portable or fixed storage unit as described with reference to FIG.
  • the storage unit may have a storage section, a storage space, and the like arranged similarly to the storage 720 in the server of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit includes computer readable code 731', code that can be read by a processor, such as 710, which, when executed by a server, causes the server to perform various steps in the methods described above.
  • "an embodiment," or "an embodiment," or "one or more embodiments" as used herein means that the particular features, structures, or characteristics described in connection with the embodiments are included in at least one embodiment of the present application.
  • phrase "in one embodiment" is not necessarily referring to the same embodiment.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Databases & Information Systems (AREA)
  • Stored Programmes (AREA)

Abstract

L'invention concerne un procédé, un système et un dispositif de commande d'installation de programme d'application, qui résolvent les problèmes de perte de temps et de faible efficacité quand un utilisateur télécharge un programme d'application. Dans le procédé, pour un terminal mobile correspondant à chaque groupe d'utilisateurs, lorsqu'il est détecté qu'un client de gestion d'entreprise (52) sur le terminal mobile ouvre une session, un serveur (51) fournit une liste de programmes d'application à pousser pour ce groupe, de manière que le client de gestion d'entreprise (52) installe divers programmes d'application figurant dans la liste de programmes d'application dans une zone de travail. Dans la solution, étant donné que le serveur (51) établit, pour chaque groupe d'utilisateurs, la liste de programmes d'application à pousser qui lui correspond, les informations concernant un programme d'application requis par le groupe d'utilisateurs peuvent être contenues dans la liste de programmes d'application et sont fournies pour le groupe d'utilisateurs, ce qui permet de réduire la charge de travail de chaque utilisateur du groupe d'utilisateurs pour rechercher des programmes d'application correspondants dans la liste de programmes d'application et les télécharger, de faire gagner du temps à l'utilisateur et d'améliorer l'efficacité de son travail.
PCT/CN2014/094653 2013-12-23 2014-12-23 Procédé, système et dispositif de commande d'installation de programme d'application WO2015096695A1 (fr)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201310717720.5 2013-12-23
CN201310717720.5A CN103677935A (zh) 2013-12-23 2013-12-23 一种应用程序的安装控制方法、系统及装置

Publications (1)

Publication Number Publication Date
WO2015096695A1 true WO2015096695A1 (fr) 2015-07-02

Family

ID=50315592

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2014/094653 WO2015096695A1 (fr) 2013-12-23 2014-12-23 Procédé, système et dispositif de commande d'installation de programme d'application

Country Status (2)

Country Link
CN (1) CN103677935A (fr)
WO (1) WO2015096695A1 (fr)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115454827A (zh) * 2022-08-23 2022-12-09 中科方德软件有限公司 兼容性检测方法、系统、设备和介质
CN116400935A (zh) * 2023-06-09 2023-07-07 贵州爱信诺航天信息有限公司 基于国产化平台的跨平台部署系统及方法

Families Citing this family (27)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103677935A (zh) * 2013-12-23 2014-03-26 北京奇虎科技有限公司 一种应用程序的安装控制方法、系统及装置
CN104104677B (zh) * 2014-07-11 2017-07-28 北京奇虎科技有限公司 应用程序预告方法、客户端和电子设备
CN104899069A (zh) * 2015-07-01 2015-09-09 王小安 一种应用软件管理系统
CN105046138A (zh) * 2015-07-13 2015-11-11 山东超越数控电子有限公司 一种基于飞腾处理器的可信管理系统及方法
CN105045625B (zh) * 2015-07-17 2018-07-31 上海斐讯数据通信技术有限公司 一种Android平台下root权限管控方法
CN106909401B (zh) * 2015-12-22 2021-05-25 北京奇虎科技有限公司 一种应用程序的控制方法及装置
CN105912353B (zh) * 2015-12-23 2019-12-27 北京奇虎科技有限公司 应用程序封装方法及装置
CN105653975B (zh) * 2015-12-24 2019-06-07 北京奇虎科技有限公司 App运行控制方法及装置
CN107770148B (zh) * 2017-03-03 2020-09-29 平安医疗健康管理股份有限公司 软件部署方法及装置
CN109408068A (zh) * 2017-08-30 2019-03-01 深圳互联先锋科技有限公司 一种软件安装方法及系统
CN108681662B (zh) * 2018-05-17 2022-04-29 创新先进技术有限公司 一种安装程序的方法及装置
CN110264321A (zh) * 2019-06-27 2019-09-20 中国石油集团东方地球物理勘探有限责任公司 一种订单生成方法、装置、电子设备及存储介质
CN111309345A (zh) * 2020-02-21 2020-06-19 广州欢网科技有限责任公司 应用商店分区域管控方法、装置及系统
CN111737368B (zh) 2020-07-24 2020-12-18 支付宝(杭州)信息技术有限公司 一种数据处理方法、装置、设备及介质
CN113657960A (zh) 2020-08-28 2021-11-16 支付宝(杭州)信息技术有限公司 一种基于可信资产数据的匹配方法、装置及设备
CN111741036B (zh) 2020-08-28 2020-12-18 支付宝(杭州)信息技术有限公司 一种可信数据传输方法、装置及设备
CN111818094B (zh) 2020-08-28 2021-01-05 支付宝(杭州)信息技术有限公司 一种身份注册方法、装置及设备
CN111814172A (zh) 2020-08-28 2020-10-23 支付宝(杭州)信息技术有限公司 一种数据授权信息的获取方法、装置及设备
CN111814196B (zh) 2020-09-04 2021-01-05 支付宝(杭州)信息技术有限公司 一种数据处理方法、装置及设备
CN111814195B (zh) 2020-09-04 2021-05-25 支付宝(杭州)信息技术有限公司 一种基于可信硬件的数据管理方法、装置及设备
CN115033919A (zh) 2020-09-04 2022-09-09 支付宝(杭州)信息技术有限公司 一种基于可信设备的数据获取方法、装置及设备
CN111932426B (zh) 2020-09-15 2021-01-26 支付宝(杭州)信息技术有限公司 一种基于可信硬件的身份管理方法、装置及设备
CN111931238B (zh) 2020-09-15 2021-05-04 支付宝(杭州)信息技术有限公司 一种基于区块链的数据资产流转方法、装置及设备
CN111930846B (zh) 2020-09-15 2021-02-23 支付宝(杭州)信息技术有限公司 一种数据处理方法、装置及设备
CN114528114B (zh) * 2020-11-09 2023-09-19 成都鼎桥通信技术有限公司 数据处理方法、装置及设备
CN113536243B (zh) * 2021-07-09 2022-03-25 益世信息技术(杭州)有限公司 基于权限分析的企业内部软件使用管理系统
CN113553072A (zh) * 2021-07-23 2021-10-26 中信银行股份有限公司 一种客户端管理方法及装置

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111749A (zh) * 2011-02-18 2011-06-29 宇龙计算机通信科技(深圳)有限公司 推送定制应用的方法以及服务器和移动终端
CN102946599A (zh) * 2012-11-08 2013-02-27 惠州Tcl移动通信有限公司 实现移动终端应用程序下载的方法及移动终端
CN103366001A (zh) * 2013-07-17 2013-10-23 北京网秦天下科技有限公司 用于企业用户的应用程序推送方法、服务器和系统
CN103402195A (zh) * 2013-07-29 2013-11-20 广州供电局有限公司 企业级移动终端的应用处理方法和企业级移动应用平台
CN103677935A (zh) * 2013-12-23 2014-03-26 北京奇虎科技有限公司 一种应用程序的安装控制方法、系统及装置

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101959179B (zh) * 2009-07-17 2014-08-20 华为技术有限公司 一种提供移动终端应用程序的方法、服务器和移动终端
CN101848230A (zh) * 2010-01-27 2010-09-29 宇龙计算机通信科技(深圳)有限公司 一种推送应用程序的方法及应用程序服务器
CN102591942B (zh) * 2011-12-27 2013-11-13 奇智软件(北京)有限公司 一种应用自动推荐的方法及装置
CN102567511B (zh) * 2011-12-27 2013-10-02 奇智软件(北京)有限公司 一种应用自动推荐的方法及装置
US9058495B2 (en) * 2013-05-16 2015-06-16 Airwatch Llc Rights management services integration with mobile device management

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102111749A (zh) * 2011-02-18 2011-06-29 宇龙计算机通信科技(深圳)有限公司 推送定制应用的方法以及服务器和移动终端
CN102946599A (zh) * 2012-11-08 2013-02-27 惠州Tcl移动通信有限公司 实现移动终端应用程序下载的方法及移动终端
CN103366001A (zh) * 2013-07-17 2013-10-23 北京网秦天下科技有限公司 用于企业用户的应用程序推送方法、服务器和系统
CN103402195A (zh) * 2013-07-29 2013-11-20 广州供电局有限公司 企业级移动终端的应用处理方法和企业级移动应用平台
CN103677935A (zh) * 2013-12-23 2014-03-26 北京奇虎科技有限公司 一种应用程序的安装控制方法、系统及装置

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115454827A (zh) * 2022-08-23 2022-12-09 中科方德软件有限公司 兼容性检测方法、系统、设备和介质
CN115454827B (zh) * 2022-08-23 2023-08-11 中科方德软件有限公司 兼容性检测方法、系统、设备和介质
CN116400935A (zh) * 2023-06-09 2023-07-07 贵州爱信诺航天信息有限公司 基于国产化平台的跨平台部署系统及方法
CN116400935B (zh) * 2023-06-09 2023-08-18 贵州爱信诺航天信息有限公司 一种应用安装系统及方法

Also Published As

Publication number Publication date
CN103677935A (zh) 2014-03-26

Similar Documents

Publication Publication Date Title
WO2015096695A1 (fr) Procédé, système et dispositif de commande d'installation de programme d'application
US11244049B2 (en) Use of an application controller to monitor and control software file and application environments
US10257207B2 (en) Managed clone applications
US11237817B2 (en) Operating system update management for enrolled devices
EP3404948B1 (fr) Approbation d'application sélective centralisée pour dispositifs mobiles
US10354068B2 (en) Anonymized application scanning for mobile devices
US8839354B2 (en) Mobile enterprise server and client device interaction
US9177145B2 (en) Modified file tracking on virtual machines
US9152784B2 (en) Detection and prevention of installation of malicious mobile applications
US8850549B2 (en) Methods and systems for controlling access to resources and privileges per process
EP2852913B1 (fr) Procédé et appareil de détermination de programme malveillant
US10505983B2 (en) Enforcing enterprise requirements for devices registered with a registration service
US9100440B1 (en) Systems and methods for applying data loss prevention policies to closed-storage portable devices
US9917862B2 (en) Integrated application scanning and mobile enterprise computing management system
US20200092332A1 (en) Enabling webapp security through containerization
WO2014150339A2 (fr) Procédé et système permettant à des applications non-liées de communiquer entre elles
JP2016189201A (ja) コンピュータセキュリティのためのイノキュレータ及び抗体
US10169584B1 (en) Systems and methods for identifying non-malicious files on computing devices within organizations
US9219728B1 (en) Systems and methods for protecting services
CN105791221B (zh) 规则下发方法及装置
US11671422B1 (en) Systems and methods for securing authentication procedures
US20130263278A1 (en) Method and apparatus for controlling operations performed by a mobile co
US11882123B2 (en) Kernel level application data protection
US20230291589A1 (en) Integration of oem endpoint management and unified endpoint management
CN117932595A (zh) 权限控制方法、装置、终端设备及计算机可读存储介质

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 14873591

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 14873591

Country of ref document: EP

Kind code of ref document: A1