WO2016107343A1 - Detection method and device for application privacy security information - Google Patents

Detection method and device for application privacy security information Download PDF

Info

Publication number
WO2016107343A1
WO2016107343A1 PCT/CN2015/095596 CN2015095596W WO2016107343A1 WO 2016107343 A1 WO2016107343 A1 WO 2016107343A1 CN 2015095596 W CN2015095596 W CN 2015095596W WO 2016107343 A1 WO2016107343 A1 WO 2016107343A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
file
privacy
security information
detecting
Prior art date
Application number
PCT/CN2015/095596
Other languages
French (fr)
Chinese (zh)
Inventor
张爽
Original Assignee
北京奇虎科技有限公司
奇智软件(北京)有限公司
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by 北京奇虎科技有限公司, 奇智软件(北京)有限公司 filed Critical 北京奇虎科技有限公司
Publication of WO2016107343A1 publication Critical patent/WO2016107343A1/en

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data

Definitions

  • the present invention relates to an information security technology, and in particular to a method and apparatus for detecting privacy security information.
  • the above-mentioned manual detection method can achieve the purpose of detecting the application of privacy and security information, but the precondition for the detection is that the application is installed on the operating system, and the detection process and the detection result recording process are manually completed, which takes time. Laborious, resulting in low detection efficiency; at the same time, because the application of private security information based on privacy access analysis, the detection of application privacy security information is not comprehensive.
  • the present invention provides a method and apparatus for detecting privacy security information, and the main purpose thereof is to improve detection efficiency and detection accuracy of application privacy security information.
  • a method for detecting privacy security information including include:
  • the application privacy security information is detected according to the privacy access right and/or the background running mode.
  • an embodiment of the present invention provides a device for detecting privacy security information, including:
  • An obtaining unit for obtaining an installation file of the application An obtaining unit for obtaining an installation file of the application
  • a decompression unit configured to decompress the installation file obtained by the acquiring unit, to obtain a privacy access right and a background operation mode corresponding to the application;
  • a detecting unit configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
  • a computer program comprising computer readable code, when the computer readable code is executed on a terminal device, causing the terminal device to perform any of the above application privacy security information Detection method.
  • a computer readable medium storing a computer program for executing the detection method of any of the application privacy security information described above is stored.
  • the technical solution provided by the embodiment of the present invention has at least the following advantages:
  • the technical solution provided by the embodiment of the present invention first obtains an installation file of the application, and then decompresses the installation file to obtain a privacy access right and a background running mode corresponding to the application, and finally according to the privacy access right and/or the background.
  • the operating mode detects the application privacy security information.
  • the embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application.
  • the process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
  • FIG. 1 is a flowchart of a method for detecting privacy security information according to an embodiment of the present invention
  • FIG. 2 is a flowchart of another method for detecting privacy security information according to an embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a device for detecting privacy security information according to an embodiment of the present invention.
  • FIG. 4 is a schematic structural diagram of another apparatus for detecting privacy security information according to an embodiment of the present invention.
  • Figure 5 shows a block diagram of a terminal device for performing the method according to the invention
  • Figure 6 shows a storage unit for holding or carrying program code implementing the method according to the invention.
  • An embodiment of the present invention provides a method for detecting privacy security information. As shown in FIG. 1 , the method may be applied to a smart terminal, where the method includes:
  • the installation file of the corresponding application can be downloaded from the official Apple App Store.
  • the installation file can be an IPA (iPhone Application) format file
  • the installation file of the corresponding application can also be downloaded from the third-party application distribution platform.
  • the installation file can be an APK (Android Package) format file.
  • the privacy access permission is a specific permission that the application has, for example, access rights to private data such as contact information, photo information, and short information stored in the terminal, and the background running mode may specifically be that the application has a function running in the background.
  • the background running mode may specifically be that the application has a function running in the background.
  • Apple's iOS system there is a strict requirement for the authorization of the background running mode of the application. At present, only the application running mode with the music playing function, or the navigation function or the network phone function is authorized.
  • the application of the privacy security information is detected by the combination of the privacy access right and/or the background running mode, and is more comprehensive than the current detection of the application security security information only through the privacy access right.
  • the analysis of the application privacy security information improves the detection efficiency of the application privacy security information.
  • the method for detecting the application of the privacy security information provided by the embodiment of the present invention first obtains an installation file of the application, and then decompresses the installation file to obtain a privacy access right and a background operation mode corresponding to the application, and finally according to the privacy access.
  • the rights and/or the background mode of operation detect the application privacy security information.
  • the embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application.
  • the process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
  • the embodiment of the present invention provides another method for detecting privacy security information. As shown in FIG. 2, the method may be applied to a smart terminal, where the method includes:
  • the installation file of the corresponding application can be downloaded from the official Apple App Store.
  • the installation file can be an IPA (iPhone Application) format file
  • the installation file of the corresponding application can also be downloaded from the third-party application distribution platform.
  • the installation file can be an APK (Android Package) format file.
  • decompressing the installation file to obtain the privacy access right corresponding to the application may include: decompressing the installation file, obtaining an executable file corresponding to the application, and then parsing the file by using a preset command line tool.
  • the executable file is a portable executable (PE) file format file, which can be loaded into the memory and executed by the operating system loader, and can be an .exe file, a .sys file, a .com file, or the like.
  • the command line tool can be the otool command line tool in the XCode programming software.
  • the executable file is parsed by the command line tool to obtain the privacy access right of the application.
  • the command can be parsed by the command line tool to obtain the privacy access permission of the application.
  • the accuracy of the detection, and the detection process and the detection result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
  • the decompressing the installation file to obtain the executable file corresponding to the application may include: decompressing the installation file, obtaining a configuration information file, and then obtaining executable executables corresponding to the application from the configuration information file. a file name, and finally obtaining an executable file corresponding to the application from the installation file according to the executable file name.
  • the configuration information file may be a structured text file, which contains some important configuration information, and when read by the system, may provide application configuration information to the system.
  • the configuration information file can be an Info.plist file, and the Info.plist file is a structured text file containing some important ios applications.
  • Configuration information for example, includes localized language, application icon name, name of the help file, executable file name, background run mode, and more.
  • the Info.plist file contains the executable name CFBundleExecutable.
  • decompressing the installation file to obtain a background running mode corresponding to the application may include: decompressing the installation file, obtaining a configuration information file of the application, and then using the preset command line tool to In the configuration information file, the background running mode corresponding to the application is obtained.
  • the configuration information file may be an Info.plist file
  • the background running mode included in the Info.plist file is UIBackgroundModes, and only when the application of the privacy security information is currently detected.
  • the embodiment of the present invention increases the acquisition and analysis of the application background running mode, and can more comprehensively detect the application privacy security information.
  • detecting whether the privacy access right of the application meets a preset condition and detecting whether the application category information corresponding to the application matches the preset application category information, where the preset application category information is authorized in the ios system.
  • the application category information corresponding to the application running in the background running mode is a preset condition.
  • the preset condition can be configured according to the actual needs of the user.
  • the preset condition can be configured to have no access right to private data such as contact information, photo information, and short information saved in the terminal.
  • private data such as contact information, photo information, and short information saved in the terminal.
  • Apple's ios system there is a strict requirement for the authorization of the background running mode of the application. At present, only the application with the music playing function, or the navigation function or the network telephone function is authorized to run the background running mode. Therefore, the preset application category information can be Configured as a music player application, navigation application, VoIP application
  • the threat identifier may be applied to the application, or the prompt information may be displayed in real time to prompt The user is at risk of this application.
  • the process of decompressing the installation file to obtain the privacy access right and the background running mode corresponding to the application may include:
  • the installation file can be downloaded from the official AppStore store of Apple or from the application distribution platform of the third party; then decompress the IPA installation file of the ios application through the decompression tool.
  • a configuration information file that is, an Info.plist file
  • a background running mode of the ios application that is, UIBackgroundModes
  • an executable file name of the ios application that is, CFBundleExecutable, and then according to CFBundleExecutable
  • decompressing the IPA installation file of the ios application by a decompression tool to obtain an executable file of the ios application
  • decompression tool to obtain an executable file of the ios application
  • the executable file is parsed to obtain the ios Framework configured in the ios application, and the privacy access permission of the ios application is obtained through the ios Framework, wherein the specific manifestation of the ios Framework can be as follows:
  • the above table only lists some information about the ios Framework related to the application of privacy security information, but is not limited thereto.
  • the above steps are sequentially performed, and information such as the privacy access right and the background running mode of each ios application can be obtained.
  • Another method for detecting privacy security information provided by an embodiment of the present invention first obtains an installation file of an application, and then decompresses the installation file to obtain a privacy access right corresponding to the application. And the background running mode, and finally detecting the application privacy security information according to the privacy access right and/or the background running mode.
  • the embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application.
  • the process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
  • the embodiment of the present invention provides a device for detecting privacy security information.
  • the device may be an intelligent terminal, and the device may include: an acquiring unit. 31. Decompression unit 32 and detection unit 33.
  • the obtaining unit 31 may be configured to acquire an installation file of the application.
  • the decompression unit 32 can be used to decompress the installation file acquired by the obtaining unit 31, and obtain the privacy access right and the background running mode corresponding to the application.
  • the detecting unit 33 may be configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
  • the device for detecting privacy security information provided by the embodiment of the present invention first obtains an installation file of an application, and then decompresses the installation file to obtain a privacy access right and a background operation mode corresponding to the application, and finally according to the privacy access.
  • the rights and/or the background mode of operation detect the application privacy security information.
  • the embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application.
  • the process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
  • the embodiment of the present invention provides another apparatus for detecting privacy security information.
  • the apparatus may be an intelligent terminal, and the apparatus includes: acquiring The unit 41, the decompression unit 42, and the detection unit 43.
  • the obtaining unit 41 can be configured to acquire an installation file of the application.
  • the decompression unit 42 can be used to decompress the installation file acquired by the obtaining unit 41, and obtain the privacy access right and the background running mode corresponding to the application.
  • the detecting unit 43 may be configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
  • the decompressing unit 42 is specifically configured to decompress the installation file to obtain an executable file corresponding to the application, and parse the executable file by using a preset command line tool to obtain a privacy access permission corresponding to the application. .
  • the decompression unit 42 includes:
  • the first decompression module 421 is configured to decompress the installation file to obtain a configuration information file configuration information file.
  • the first obtaining module 422 is configured to obtain, by using the preset command line tool, the background running mode corresponding to the application from the configuration information file.
  • the decompression unit 42 further includes:
  • the second decompression module 423 is configured to decompress the installation file to obtain a configuration information file.
  • the second obtaining module 424 is configured to obtain an executable file name corresponding to the application from the configuration information file obtained by the second decompression module 423.
  • the second obtaining module 424 is further configured to obtain, from the installation file, an executable file corresponding to the application according to the obtained executable file name.
  • the application is an ios application
  • the detecting unit 43 is specifically configured to detect whether the privacy access right of the application meets a preset condition, and detect whether the application category information corresponding to the application is related to preset application category information.
  • the preset application category information is application category information corresponding to an application authorized to perform a background running mode in the ios system.
  • the device further includes:
  • the alarm unit 44 is configured to perform an alarm if the privacy access right of the application does not meet the preset condition or the application category information corresponding to the application does not match the preset application category information.
  • Another apparatus for detecting privacy security information provided by an embodiment of the present invention first acquires Using the installation file, and then decompressing the installation file, obtaining the privacy access right and the background running mode corresponding to the application, and finally detecting the application privacy security information according to the privacy access right and/or the background running mode. .
  • the embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application.
  • the process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
  • modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment.
  • the modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components.
  • any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined.
  • Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
  • the various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof.
  • a microprocessor or digital signal processor may be used in practice to implement some or all of some or all of the components of the method and apparatus for detecting privacy security information in accordance with embodiments of the present invention. All features.
  • the invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein.
  • Such a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
  • FIG. 5 illustrates a terminal device that can implement detection of application privacy security information in accordance with the present invention.
  • the terminal device conventionally includes a processor 510 and a computer program product or computer readable medium in the form of a memory 520.
  • the memory 520 can be, for example, a flash memory, Electronic memory such as EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk or ROM.
  • Memory 520 has a memory space 530 for program code 531 for performing any of the method steps described above.
  • storage space 530 for program code may include various program code 531 for implementing various steps in the above methods, respectively.
  • the program code can be read from or written to one or more computer program products.
  • These computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks.
  • Such computer program products are typically portable or fixed storage units as described with reference to FIG.
  • the storage unit may have a storage section, a storage space, and the like arranged similarly to the storage 520 in the terminal device of FIG.
  • the program code can be compressed, for example, in an appropriate form.
  • the storage unit comprises computer readable code 531 'is a code readable by a processor, such as 510, which when executed by the terminal device causes the terminal device to perform each of the methods described above step.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • General Health & Medical Sciences (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Bioethics (AREA)
  • Storage Device Security (AREA)
  • Telephone Function (AREA)

Abstract

Disclosed are a detection method and device for application privacy security information, which relate to the technical field of information security, can more fully analyse and detect the application privacy security information, and can improve the detection efficiency of the application privacy security information at the same time. The method comprises: firstly acquiring an installation document of an application, then decompressing the installation document to obtain a privacy access permission and a background operation mode corresponding to the application, and finally detecting the application privacy security information according to the privacy access permission and/or the background operation mode. The present invention is applicable to the protection of a user's privacy security.

Description

应用隐私安全信息的检测方法及装置Method and device for detecting privacy security information 技术领域Technical field
本发明涉及一种信息安全技术,特别是涉及一种应用隐私安全信息的检测方法及装置。The present invention relates to an information security technology, and in particular to a method and apparatus for detecting privacy security information.
背景技术Background technique
近些年来,随着智能终端设备的飞速发展,智能移动操作系统给越来越多的人们带来了简单、愉快、实用的体验。目前市场上比较流行的操作系统有:苹果公司的ios系统、谷歌公司的安卓系统、微软公司的Windows Phone系统等,这些操作系统可以配置很多的应用,使得智能终端设备具有丰富的功能。但是对于一些具有特定权限的应用,可能会对用户隐私信息安全造成危害。In recent years, with the rapid development of smart terminal devices, intelligent mobile operating systems have brought more, more people, simple, pleasant and practical experiences. Currently popular operating systems on the market are: Apple's iOS system, Google's Android system, Microsoft's Windows Phone system, etc. These operating systems can be configured with many applications, making smart terminal devices rich in functions. However, for some applications with specific permissions, it may be harmful to the security of user privacy information.
目前为了防止侵犯用户隐私安全,需要首先捋应用安装在操作系统上,然后采用人工方式在操作系统的隐私设置中查看并人工记录该应用的隐私访问权限,然后根据隐私访问权限分析人工分析应用隐私安全信息。At present, in order to prevent infringement of user privacy, it is necessary to first install the application on the operating system, then manually view and manually record the privacy access rights of the application in the privacy settings of the operating system, and then manually analyze the application privacy according to the privacy access authority. Security Information.
然而上述人工方式检测的方法,虽然能达到检测应用隐私安全信息的目的,但是进行检测的前提条件是应用已安装在操作系统上,而且检测过程和检测结果记录过程都是人工方式完成的,费时费力,造成检测效率较低;同时,由于只根据隐私访问权限分析应用隐私安全信息,造成对应用隐私安全信息的检测不够全面。However, the above-mentioned manual detection method can achieve the purpose of detecting the application of privacy and security information, but the precondition for the detection is that the application is installed on the operating system, and the detection process and the detection result recording process are manually completed, which takes time. Laborious, resulting in low detection efficiency; at the same time, because the application of private security information based on privacy access analysis, the detection of application privacy security information is not comprehensive.
发明内容Summary of the invention
有鉴于此,本发明提供一种应用隐私安全信息的检测方法及装置,主要目的在于提高应用隐私安全信息的检测效率和检测精度。In view of this, the present invention provides a method and apparatus for detecting privacy security information, and the main purpose thereof is to improve detection efficiency and detection accuracy of application privacy security information.
依据本发明一个方面,提供了一种应用隐私安全信息的检测方法,包 括:According to an aspect of the present invention, a method for detecting privacy security information is provided, including include:
获取应用的安装文件;Get the installation file of the app;
解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式;Decompressing the installation file to obtain a privacy access right and a background running mode corresponding to the application;
根据所述隐私访问权限和/或所述后台运行模式,对所述应用隐私安全信息进行检测。The application privacy security information is detected according to the privacy access right and/or the background running mode.
另一方面,本发明实施例提供了一种应用隐私安全信息的检测装置,包括:On the other hand, an embodiment of the present invention provides a device for detecting privacy security information, including:
获取单元,用于获取应用的安装文件;An obtaining unit for obtaining an installation file of the application;
解压单元,用于解压所述获取单元获取的所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式;a decompression unit, configured to decompress the installation file obtained by the acquiring unit, to obtain a privacy access right and a background operation mode corresponding to the application;
检测单元,用于根据所述隐私访问权限和/或所述后台运行模式,对所述应用隐私安全信息进行检测。And a detecting unit, configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
根据本发明的又一个方面,提供了一种计算机程序,其包括计算机可读代码,当所述计算机可读代码在终端设备上运行时,导致所述终端设备执行上述的任一个应用隐私安全信息的检测方法。According to still another aspect of the present invention, a computer program is provided, comprising computer readable code, when the computer readable code is executed on a terminal device, causing the terminal device to perform any of the above application privacy security information Detection method.
根据本发明的再一个方面,提供了一种计算机可读介质,其中存储了执行上述的任一个应用隐私安全信息的检测方法的计算机程序。According to still another aspect of the present invention, a computer readable medium storing a computer program for executing the detection method of any of the application privacy security information described above is stored.
借由上述技术方案,本发明实施例提供的技术方案至少具有下列优点:With the above technical solution, the technical solution provided by the embodiment of the present invention has at least the following advantages:
本发明实施例提供的技术方案,先获取应用的安装文件,然后解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式,最后根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。与目前根据应用的隐私访问权限,通过人工方式检测应用隐私安全信息相比,本发明实施例根据隐私访问权限和后台运行模式可以对所述应用隐私安全信息进行更加全面的分析与检测,而且检测过程和检测结果记录过程可以通过智能终端自动执行完成,进而提升了检测效率。The technical solution provided by the embodiment of the present invention first obtains an installation file of the application, and then decompresses the installation file to obtain a privacy access right and a background running mode corresponding to the application, and finally according to the privacy access right and/or the background. The operating mode detects the application privacy security information. The embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application. The process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
上述说明仅是本发明技术方案的概述,为了能够更清楚了解本发明的技术手段,而可依照说明书的内容予以实施,并且为了让本发明的上述和 其它目的、特征和优点能够更明显易懂,以下特举本发明的具体实施方式。The above description is only an overview of the technical solutions of the present invention, and in order to more clearly understand the technical means of the present invention, it can be implemented in accordance with the contents of the specification, and in order to make the above-mentioned Other objects, features, and advantages will be apparent from the following description.
附图说明DRAWINGS
通过阅读下文优选实施方式的详细描述,各种其他的优点和益处对于本领域普通技术人员捋变得清楚明了。附图仅用于示出优选实施方式的目的,而并不认为是对本发明的限制。而且在整个附图中,用相同的参考符号表示相同的部件。在附图中:Various other advantages and benefits will become apparent to those skilled in the <RTIgt; The drawings are only for the purpose of illustrating the preferred embodiments and are not to be construed as limiting. Throughout the drawings, the same reference numerals are used to refer to the same parts. In the drawing:
图1示出了本发明实施例提供的一种应用隐私安全信息的检测方法流程图;FIG. 1 is a flowchart of a method for detecting privacy security information according to an embodiment of the present invention;
图2示出了本发明实施例提供的另一种应用隐私安全信息的检测方法流程图;FIG. 2 is a flowchart of another method for detecting privacy security information according to an embodiment of the present invention;
图3示出了本发明实施例提供的一种应用隐私安全信息的检测装置结构示意图。FIG. 3 is a schematic structural diagram of a device for detecting privacy security information according to an embodiment of the present invention.
图4示出了本发明实施例提供的另一种应用隐私安全信息的检测装置结构示意图;FIG. 4 is a schematic structural diagram of another apparatus for detecting privacy security information according to an embodiment of the present invention;
图5示出了用于执行根据本发明的方法的终端设备的框图;Figure 5 shows a block diagram of a terminal device for performing the method according to the invention;
图6示出了用于保持或者携带实现根据本发明的方法的程序代码的存储单元。Figure 6 shows a storage unit for holding or carrying program code implementing the method according to the invention.
具体实施方式detailed description
下面捋参照附图更详细地描述本公开的示例性实施例。虽然附图中显示了本公开的示例性实施例,然而应当理解,可以以各种形式实现本公开而不应被这里阐述的实施例所限制。相反,提供这些实施例是为了能够更透彻地理解本公开,并且能够捋本公开的范围完整的传达给本领域的技术人员。Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. While the embodiments of the present invention have been shown in the drawings, the embodiments Rather, these embodiments are provided so that this disclosure will be more fully understood, and the scope of the disclosure will be fully disclosed to those skilled in the art.
本发明实施例提供一种应用隐私安全信息的检测方法,如图1所示,所述方法可以应用于智能终端上,所述方法包括:An embodiment of the present invention provides a method for detecting privacy security information. As shown in FIG. 1 , the method may be applied to a smart terminal, where the method includes:
101、获取应用的安装文件。 101. Obtain an installation file of the application.
对于本发明实施例,当操作系统为苹果公司的ios系统时,可以从苹果官方应用商店里下载相应应用的安装文件,此时,安装文件可以为IPA(iPhone Application)格式文件,当操作系统为安卓系统时,也可以从第三方的应用分发平台下载相应应用的安装文件,此时,安装文件可以为APK(Android Package)格式文件。For the embodiment of the present invention, when the operating system is the ios system of Apple Inc., the installation file of the corresponding application can be downloaded from the official Apple App Store. At this time, the installation file can be an IPA (iPhone Application) format file, when the operating system is In the Android system, the installation file of the corresponding application can also be downloaded from the third-party application distribution platform. At this time, the installation file can be an APK (Android Package) format file.
102、解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式。102. Decompress the installation file to obtain a privacy access permission and a background operation mode corresponding to the application.
其中,隐私访问权限为应用具有的一些特定权限,例如,对终端中保存的联系人信息、照片信息、短信息等私密数据的访问权限,后台运行模式具体可以为应用具有在后台运行的功能,在苹果的ios系统中,对应用的后台运行模式的授权有着严格要求,目前只对具有音乐播放功能、或者导航功能、或者网络电话功能的应用授权后台运行模式。The privacy access permission is a specific permission that the application has, for example, access rights to private data such as contact information, photo information, and short information stored in the terminal, and the background running mode may specifically be that the application has a function running in the background. In Apple's iOS system, there is a strict requirement for the authorization of the background running mode of the application. At present, only the application running mode with the music playing function, or the navigation function or the network phone function is authorized.
103、根据所述隐私访问权限和/或所述后台运行模式,对所述应用隐私安全信息进行检测。103. Detect the application privacy security information according to the privacy access right and/or the background running mode.
对于本发明实施例,通过隐私访问权限和/或所述后台运行模式相结合的方式对应用隐私安全信息进行检测,与目前只通过隐私访问权限对应用隐私安全信息进行检测相比,可以更加全面的对应用隐私安全信息进行分析,提高了应用隐私安全信息的检测效率。For the embodiment of the present invention, the application of the privacy security information is detected by the combination of the privacy access right and/or the background running mode, and is more comprehensive than the current detection of the application security security information only through the privacy access right. The analysis of the application privacy security information improves the detection efficiency of the application privacy security information.
本发明实施例提供的一种应用隐私安全信息的检测方法,先获取应用的安装文件,然后解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式,最后根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。与目前根据应用的隐私访问权限,通过人工方式检测应用隐私安全信息相比,本发明实施例根据隐私访问权限和后台运行模式可以对所述应用隐私安全信息进行更加全面的分析与检测,而且检测过程和检测结果记录过程可以通过智能终端自动执行完成,进而提升了检测效率。The method for detecting the application of the privacy security information provided by the embodiment of the present invention first obtains an installation file of the application, and then decompresses the installation file to obtain a privacy access right and a background operation mode corresponding to the application, and finally according to the privacy access. The rights and/or the background mode of operation detect the application privacy security information. The embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application. The process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
进一步地,本发明实施例提供另一种应用隐私安全信息的检测方法,如图2所示,所述方法可以应用于智能终端上,所述方法包括: Further, the embodiment of the present invention provides another method for detecting privacy security information. As shown in FIG. 2, the method may be applied to a smart terminal, where the method includes:
201、获取应用的安装文件。201. Obtain an installation file of the application.
对于本发明实施例,当操作系统为苹果公司的ios系统时,可以从苹果官方应用商店里下载相应应用的安装文件,此时,安装文件可以为IPA(iPhone Application)格式文件,当操作系统为安卓系统时,也可以从第三方的应用分发平台下载相应应用的安装文件,此时,安装文件可以为APK(Android Package)格式文件。For the embodiment of the present invention, when the operating system is the ios system of Apple Inc., the installation file of the corresponding application can be downloaded from the official Apple App Store. At this time, the installation file can be an IPA (iPhone Application) format file, when the operating system is In the Android system, the installation file of the corresponding application can also be downloaded from the third-party application distribution platform. At this time, the installation file can be an APK (Android Package) format file.
202、解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式。202. Decompress the installation file to obtain a privacy access permission and a background operation mode corresponding to the application.
对于本发明实施例,解压所述安装文件,得到所述应用对应的隐私访问权限可以包括:解压所述安装文件,得到所述应用对应的可执行文件,然后通过预置命令行工具解析所述可执行文件,得到所述应用对应的隐私访问权限。其中,可执行文件为可移植可执行(PE)文件格式的文件,它可以加载到内存中,并由操作系统加载程序执行,可以为.exe文件、.sys文件、.com文件等。For the embodiment of the present invention, decompressing the installation file to obtain the privacy access right corresponding to the application may include: decompressing the installation file, obtaining an executable file corresponding to the application, and then parsing the file by using a preset command line tool. An executable file that obtains the privacy access rights corresponding to the application. The executable file is a portable executable (PE) file format file, which can be loaded into the memory and executed by the operating system loader, and can be an .exe file, a .sys file, a .com file, or the like.
例如,当操作系统为苹果公司的ios系统时,命令行工具可以为XCode编程软件中的otool命令行工具。通过命令行工具所述可执行文件进行解析,得到所述应用对应的隐私访问权限,与目前通过人工方式检测相比,可以通过命令行工具进行解析得到所述应用对应的隐私访问权限,增加了检测的准确性,并且检测过程和检测结果记录过程可以由智能终端自动执行完成,进而提高了检测效率。For example, when the operating system is Apple's iOS system, the command line tool can be the otool command line tool in the XCode programming software. The executable file is parsed by the command line tool to obtain the privacy access right of the application. Compared with the current manual detection, the command can be parsed by the command line tool to obtain the privacy access permission of the application. The accuracy of the detection, and the detection process and the detection result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
进一步地,所述解压所述安装文件,得到所述应用对应的可执行文件可以包括:解压所述安装文件,得到配置信息文件,然后从所述配置信息文件中获取所述应用对应的可执行文件名称,最后根据所述可执行文件名称,从所述安装文件中获取所述应用对应的可执行文件。Further, the decompressing the installation file to obtain the executable file corresponding to the application may include: decompressing the installation file, obtaining a configuration information file, and then obtaining executable executables corresponding to the application from the configuration information file. a file name, and finally obtaining an executable file corresponding to the application from the installation file according to the executable file name.
其中,配置信息文件可以为一种结构化的文本文件,其中包含了一些重要的配置信息,当被系统进行读取时,可向系统提供应用的配置信息。例如,当操作系统为苹果公司的ios系统时,配置信息文件可以为Info.plist文件,Info.plist文件是一种结构化的文本文件,包含了一些重要的ios应用 配置信息,例如,包含本地化语言、应用图标名称、帮助文件的名称、可执行文件名称、后台运行模式等等。Info.plist文件包含的可执行文件名称为CFBundleExecutable。对于本发明实施例,解压所述安装文件,得到所述应用对应的后台运行模式可以包括:解压所述安装文件,得到所述应用的配置信息文件,然后通过所述预置命令行工具从所述配置信息文件中,获取所述应用对应的后台运行模式。The configuration information file may be a structured text file, which contains some important configuration information, and when read by the system, may provide application configuration information to the system. For example, when the operating system is Apple's ios system, the configuration information file can be an Info.plist file, and the Info.plist file is a structured text file containing some important ios applications. Configuration information, for example, includes localized language, application icon name, name of the help file, executable file name, background run mode, and more. The Info.plist file contains the executable name CFBundleExecutable. For the embodiment of the present invention, decompressing the installation file to obtain a background running mode corresponding to the application may include: decompressing the installation file, obtaining a configuration information file of the application, and then using the preset command line tool to In the configuration information file, the background running mode corresponding to the application is obtained.
例如,当操作系统为苹果公司的ios系统时,配置信息文件可以为Info.plist文件,其中Info.plist文件包含的后台运行模式为UIBackgroundModes,与目前进行应用隐私安全信息的检测时,只能通过人工方式获取到应用隐私访问权限相比,本发明实施例增加了对应用后台运行模式的获取与分析,可以更加全面地检测应用隐私安全信息。For example, when the operating system is an iOS system of Apple, the configuration information file may be an Info.plist file, and the background running mode included in the Info.plist file is UIBackgroundModes, and only when the application of the privacy security information is currently detected. Compared with the manual access mode, the embodiment of the present invention increases the acquisition and analysis of the application background running mode, and can more comprehensively detect the application privacy security information.
203、根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。203. Detect the application privacy security information according to the privacy access right and/or the background running mode.
具体地,检测所述应用的隐私访问权限是否符合预置条件,并且检测所述应用对应的应用类别信息是否与预置应用类别信息相匹配,所述预置应用类别信息为ios系统中授权可执行后台运行模式的应用对应的应用类别信息。Specifically, detecting whether the privacy access right of the application meets a preset condition, and detecting whether the application category information corresponding to the application matches the preset application category information, where the preset application category information is authorized in the ios system. The application category information corresponding to the application running in the background running mode.
其中,预置条件可以根据用户实际需求进行配置,例如,预置条件可以配置为不具有对终端中保存的联系人信息、照片信息、短信息等私密数据的访问权限。在苹果的ios系统中,对应用的后台运行模式的授权有着严格要求,目前只对具有音乐播放功能、或者导航功能、或者网络电话功能的应用授权后台运行模式,因此,预置应用类别信息可以配置为音乐播放类应用、导航类应用、网络电话类应用The preset condition can be configured according to the actual needs of the user. For example, the preset condition can be configured to have no access right to private data such as contact information, photo information, and short information saved in the terminal. In Apple's ios system, there is a strict requirement for the authorization of the background running mode of the application. At present, only the application with the music playing function, or the navigation function or the network telephone function is authorized to run the background running mode. Therefore, the preset application category information can be Configured as a music player application, navigation application, VoIP application
204、若所述应用的隐私访问权限不符合预置条件或者所述应用对应的应用类别信息与所述预置应用类别信息不匹配,则进行告警。204. If the privacy access permission of the application does not meet the preset condition or the application category information corresponding to the application does not match the preset application category information, perform an alarm.
具体地,若所述应用的隐私访问权限不符合预置条件或者所述应用对应的应用类别信息与所述预置应用类别信息不匹配,可以对应用进行威胁标识,或者实时显示提示信息以提示用户该应用存在风险。 Specifically, if the privacy access right of the application does not meet the preset condition or the application category information corresponding to the application does not match the preset application category information, the threat identifier may be applied to the application, or the prompt information may be displayed in real time to prompt The user is at risk of this application.
对于本发明实施例,在在苹果的ios系统中,解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式的过程可以包括:For the embodiment of the present invention, in the iOS system of the Apple, the process of decompressing the installation file to obtain the privacy access right and the background running mode corresponding to the application may include:
首先先捋ios应用的安装文件下载到智能终端,所述安装文件可以从苹果官方AppStore商店或者从第三方的应用分发平台下载得到;然后通过解压缩工具捋ios应用的IPA安装文件进行解压,得到配置信息文件,即Info.plist文件;再通过检查Info.plist文件信息,从中获取所述ios应用的后台运行模式,即UIBackgroundModes,以及获取所述ios应用的可执行文件名称,即CFBundleExecutable,然后根据CFBundleExecutable,通过解压缩工具解压所述ios应用的IPA安装文件,得到所述ios应用的可执行文件;最后通过XCode编程软件中的otool命令行工具,对所述ios应用的可执行文件进行分析应用的可执行文件进行解析,得到所述ios应用中配置的ios Framework,通过ios Framework,得到所述ios应用的隐私访问权限,其中,所述ios Framework的具体表现形式可以如下表所示:First, download the installation file of the ios application to the smart terminal. The installation file can be downloaded from the official AppStore store of Apple or from the application distribution platform of the third party; then decompress the IPA installation file of the ios application through the decompression tool. a configuration information file, that is, an Info.plist file; and then by checking the Info.plist file information, obtaining a background running mode of the ios application, that is, UIBackgroundModes, and acquiring an executable file name of the ios application, that is, CFBundleExecutable, and then according to CFBundleExecutable, decompressing the IPA installation file of the ios application by a decompression tool to obtain an executable file of the ios application; finally, analyzing and applying the executable file of the ios application through the otool command line tool in the XCode programming software The executable file is parsed to obtain the ios Framework configured in the ios application, and the privacy access permission of the ios application is obtained through the ios Framework, wherein the specific manifestation of the ios Framework can be as follows:
ios Framework名称Ios Framework name 功能Features
AddressBookAddressBook 通讯录Address book
AssetsLibraryAssetsLibrary 相册(照片和视频)Album (photo and video)
EventKitEventKit 日历calendar
CoreLocationCoreLocation 位置服务,即定位Location service
以上表格只列举了与应用隐私安全信息相关的ios Framework的部分信息,但不限于此,对于多个ios应用依次执行以上步骤,可以得到每一个ios应用的隐私访问权限和后台运行模式等信息。The above table only lists some information about the ios Framework related to the application of privacy security information, but is not limited thereto. For the multiple ios applications, the above steps are sequentially performed, and information such as the privacy access right and the background running mode of each ios application can be obtained.
本发明实施例提供的另一种应用隐私安全信息的检测方法,先获取应用的安装文件,然后解压所述安装文件,得到所述应用对应的隐私访问权 限和后台运行模式,最后根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。与目前根据应用的隐私访问权限,通过人工方式检测应用隐私安全信息相比,本发明实施例根据隐私访问权限和后台运行模式可以对所述应用隐私安全信息进行更加全面的分析与检测,而且检测过程和检测结果记录过程可以通过智能终端自动执行完成,进而提升了检测效率。Another method for detecting privacy security information provided by an embodiment of the present invention first obtains an installation file of an application, and then decompresses the installation file to obtain a privacy access right corresponding to the application. And the background running mode, and finally detecting the application privacy security information according to the privacy access right and/or the background running mode. The embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application. The process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
进一步地,作为图1所述方法的具体实现,本发明实施例提供一种应用隐私安全信息的检测装置,如图3所示,所述装置可以为智能终端,所述装置可以包括:获取单元31、解压单元32、检测单元33。Further, as a specific implementation of the method in FIG. 1, the embodiment of the present invention provides a device for detecting privacy security information. As shown in FIG. 3, the device may be an intelligent terminal, and the device may include: an acquiring unit. 31. Decompression unit 32 and detection unit 33.
所述获取单元31,可以用于获取应用的安装文件。The obtaining unit 31 may be configured to acquire an installation file of the application.
所述解压单元32,可以用于解压获取单元31获取的安装文件,得到所述应用对应的隐私访问权限和后台运行模式。The decompression unit 32 can be used to decompress the installation file acquired by the obtaining unit 31, and obtain the privacy access right and the background running mode corresponding to the application.
所述检测单元33,可以用于根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。The detecting unit 33 may be configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
需要说明的是,本发明实施例提供的数据的处理装置所涉及各功能单元的其他相应描述,可以参考图1所示方法中的对应描述,在此不再赘述。It should be noted that, for other corresponding descriptions of the functional units involved in the data processing apparatus provided by the embodiments of the present invention, reference may be made to the corresponding description in the method shown in FIG. 1 , and details are not described herein again.
本发明实施例提供的一种应用隐私安全信息的检测装置,先获取应用的安装文件,然后解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式,最后根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。与目前根据应用的隐私访问权限,通过人工方式检测应用隐私安全信息相比,本发明实施例根据隐私访问权限和后台运行模式可以对所述应用隐私安全信息进行更加全面的分析与检测,而且检测过程和检测结果记录过程可以通过智能终端自动执行完成,进而提升了检测效率。The device for detecting privacy security information provided by the embodiment of the present invention first obtains an installation file of an application, and then decompresses the installation file to obtain a privacy access right and a background operation mode corresponding to the application, and finally according to the privacy access. The rights and/or the background mode of operation detect the application privacy security information. The embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application. The process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
再进一步地,作为图2所述方法的具体实现,本发明实施例提供另一种应用隐私安全信息的检测装置,如图4所示,所述装置可以为智能终端,所述装置包括:获取单元41、解压单元42、检测单元43。Further, as a specific implementation of the method in FIG. 2, the embodiment of the present invention provides another apparatus for detecting privacy security information. As shown in FIG. 4, the apparatus may be an intelligent terminal, and the apparatus includes: acquiring The unit 41, the decompression unit 42, and the detection unit 43.
所述获取单元41,可以用于获取应用的安装文件。 The obtaining unit 41 can be configured to acquire an installation file of the application.
所述解压单元42,可以用于解压获取单元41获取的安装文件,得到所述应用对应的隐私访问权限和后台运行模式。The decompression unit 42 can be used to decompress the installation file acquired by the obtaining unit 41, and obtain the privacy access right and the background running mode corresponding to the application.
所述检测单元43,可以用于根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。The detecting unit 43 may be configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
进一步地,所述解压单元42,具体用于解压所述安装文件,得到所述应用对应的可执行文件;通过预置命令行工具解析所述可执行文件,得到所述应用对应的隐私访问权限。Further, the decompressing unit 42 is specifically configured to decompress the installation file to obtain an executable file corresponding to the application, and parse the executable file by using a preset command line tool to obtain a privacy access permission corresponding to the application. .
进一步地,所述解压单元42包括:Further, the decompression unit 42 includes:
第一解压模块421、用于解压所述安装文件,得到配置信息文件配置信息文件。The first decompression module 421 is configured to decompress the installation file to obtain a configuration information file configuration information file.
第一获取模块422、用于通过所述预置命令行工具从所述配置信息文件中,获取所述应用对应的后台运行模式。The first obtaining module 422 is configured to obtain, by using the preset command line tool, the background running mode corresponding to the application from the configuration information file.
进一步地,所述解压单元42还包括:Further, the decompression unit 42 further includes:
第二解压模块423、用于解压所述安装文件,得到配置信息文件。The second decompression module 423 is configured to decompress the installation file to obtain a configuration information file.
第二获取模块424、用于从所述第二解压模块423得到的配置信息文件中,获取所述应用对应的可执行文件名称。The second obtaining module 424 is configured to obtain an executable file name corresponding to the application from the configuration information file obtained by the second decompression module 423.
所述第二获取模块424、还用于根据所述获取的可执行文件名称,从所述安装文件中获取所述应用对应的可执行文件。The second obtaining module 424 is further configured to obtain, from the installation file, an executable file corresponding to the application according to the obtained executable file name.
进一步地,所述应用为ios应用,所述检测单元43,具体用于检测所述应用的隐私访问权限是否符合预置条件,并且检测所述应用对应的应用类别信息是否与预置应用类别信息相匹配,所述预置应用类别信息为ios系统中授权可执行后台运行模式的应用对应的应用类别信息。Further, the application is an ios application, and the detecting unit 43 is specifically configured to detect whether the privacy access right of the application meets a preset condition, and detect whether the application category information corresponding to the application is related to preset application category information. Matching, the preset application category information is application category information corresponding to an application authorized to perform a background running mode in the ios system.
进一步地,所述装置还包括:Further, the device further includes:
告警单元44,用于若所述应用的隐私访问权限不符合预置条件或者所述应用对应的应用类别信息与所述预置应用类别信息不匹配,则进行告警。The alarm unit 44 is configured to perform an alarm if the privacy access right of the application does not meet the preset condition or the application category information corresponding to the application does not match the preset application category information.
需要说明的是,本发明实施例提供的数据的处理装置所涉及各功能单元的其他相应描述,可以参考图2所示方法中的对应描述,在此不再赘述。It should be noted that other corresponding descriptions of the functional units involved in the data processing apparatus provided by the embodiment of the present invention may be referred to the corresponding description in the method shown in FIG. 2, and details are not described herein again.
本发明实施例提供的另一种应用隐私安全信息的检测装置,先获取应 用的安装文件,然后解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式,最后根据所述隐私访问权限和/或所述后台运行模式对所述应用隐私安全信息进行检测。与目前根据应用的隐私访问权限,通过人工方式检测应用隐私安全信息相比,本发明实施例根据隐私访问权限和后台运行模式可以对所述应用隐私安全信息进行更加全面的分析与检测,而且检测过程和检测结果记录过程可以通过智能终端自动执行完成,进而提升了检测效率。Another apparatus for detecting privacy security information provided by an embodiment of the present invention first acquires Using the installation file, and then decompressing the installation file, obtaining the privacy access right and the background running mode corresponding to the application, and finally detecting the application privacy security information according to the privacy access right and/or the background running mode. . The embodiment of the present invention can perform more comprehensive analysis and detection on the application privacy security information according to the privacy access right and the background running mode, and the detection and detection are performed according to the privacy access right of the application. The process and test result recording process can be automatically performed by the intelligent terminal, thereby improving the detection efficiency.
在上述实施例中,对各个实施例的描述都各有侧重,某个实施例中没有详述的部分,可以参见其他实施例的相关描述。In the above embodiments, the descriptions of the various embodiments are different, and the details that are not detailed in a certain embodiment can be referred to the related descriptions of other embodiments.
可以理解的是,上述方法及装置中的相关特征可以相互参考。另外,上述实施例中的“第一”、“第二”等是用于区分各实施例,而并不代表各实施例的优劣。It will be appreciated that related features in the above methods and apparatus can be referenced to each other. In addition, "first", "second", and the like in the above embodiments are used to distinguish the embodiments, and do not represent the advantages and disadvantages of the embodiments.
所属领域的技术人员可以清楚地了解到,为描述的方便和简洁,上述描述的系统,装置和单元的具体工作过程,可以参考前述方法实施例中的对应过程,在此不再赘述。A person skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the system, the device and the unit described above can refer to the corresponding process in the foregoing method embodiment, and details are not described herein again.
在此提供的算法和显示不与任何特定计算机、虚拟系统或者其它设备固有相关。各种通用系统也可以与基于在此的示教一起使用。根据上面的描述,构造这类系统所要求的结构是显而易见的。此外,本发明也不针对任何特定编程语言。应当明白,可以利用各种编程语言实现在此描述的本发明的内容,并且上面对特定语言所做的描述是为了披露本发明的最佳实施方式。The algorithms and displays provided herein are not inherently related to any particular computer, virtual system, or other device. Various general purpose systems can also be used with the teaching based on the teachings herein. The structure required to construct such a system is apparent from the above description. Moreover, the invention is not directed to any particular programming language. It is to be understood that the invention may be embodied in a variety of programming language, and the description of the specific language has been described above in order to disclose the preferred embodiments of the invention.
在此处所提供的说明书中,说明了大量具体细节。然而,能够理解,本发明的实施例可以在没有这些具体细节的情况下实践。在一些实例中,并未详细示出公知的方法、结构和技术,以便不模糊对本说明书的理解。In the description provided herein, numerous specific details are set forth. However, it is understood that the embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures, and techniques are not shown in detail so as not to obscure the understanding of the description.
类似地,应当理解,为了精简本公开并帮助理解各个发明方面中的一个或多个,在上面对本发明的示例性实施例的描述中,本发明的各个特征有时被一起分组到单个实施例、图、或者对其的描述中。然而,并不应捋该公开的方法解释成反映如下意图:即所要求保护的本发明要求比在每个权利要求中所明确记载的特征更多的特征。更确切地说,如下面的权利要 求书所反映的那样,发明方面在于少于前面公开的单个实施例的所有特征。因此,遵循具体实施方式的权利要求书由此明确地并入该具体实施方式,其中每个权利要求本身都作为本发明的单独实施例。Similarly, the various features of the invention are sometimes grouped together into a single embodiment, in the above description of the exemplary embodiments of the invention, Figure, or a description of it. However, the method disclosed is not to be interpreted as reflecting the intention that the claimed invention requires more features than those recited in the claims. More precisely, as the following rights As reflected in the book, the inventive aspects reside in less than all of the features of the single embodiments disclosed above. Therefore, the claims following the specific embodiments are hereby explicitly incorporated into the embodiments, and each of the claims as a separate embodiment of the invention.
本领域那些技术人员可以理解,可以对实施例中的设备中的模块进行自适应性地改变并且把它们设置在与该实施例不同的一个或多个设备中。可以把实施例中的模块或单元或组件组合成一个模块或单元或组件,以及此外可以把它们分成多个子模块或子单元或子组件。除了这样的特征和/或过程或者单元中的至少一些是相互排斥之外,可以采用任何组合对本说明书(包括伴随的权利要求、摘要和附图)中公开的所有特征以及如此公开的任何方法或者设备的所有过程或单元进行组合。除非另外明确陈述,本说明书(包括伴随的权利要求、摘要和附图)中公开的每个特征可以由提供相同、等同或相似目的的替代特征来代替。Those skilled in the art will appreciate that the modules in the devices of the embodiments can be adaptively changed and placed in one or more devices different from the embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and further they may be divided into a plurality of sub-modules or sub-units or sub-components. In addition to such features and/or at least some of the processes or units being mutually exclusive, any combination of the features disclosed in the specification, including the accompanying claims, the abstract and the drawings, and any methods so disclosed, or All processes or units of the device are combined. Each feature disclosed in this specification (including the accompanying claims, the abstract and the drawings) may be replaced by alternative features that provide the same, equivalent or similar purpose.
此外,本领域的技术人员能够理解,尽管在此所述的一些实施例包括其它实施例中所包括的某些特征而不是其它特征,但是不同实施例的特征的组合意味着处于本发明的范围之内并且形成不同的实施例。例如,在下面的权利要求书中,所要求保护的实施例的任意之一都可以以任意的组合方式来使用。In addition, those skilled in the art will appreciate that, although some embodiments described herein include certain features that are included in other embodiments and not in other features, combinations of features of different embodiments are intended to be within the scope of the present invention. Different embodiments are formed and formed. For example, in the following claims, any one of the claimed embodiments can be used in any combination.
本发明的各个部件实施例可以以硬件实现,或者以在一个或者多个处理器上运行的软件模块实现,或者以它们的组合实现。本领域的技术人员应当理解,可以在实践中使用微处理器或者数字信号处理器(DSP)来实现根据本发明实施例的应用隐私安全信息的检测方法及装置中的一些或者全部部件的一些或者全部功能。本发明还可以实现为用于执行这里所描述的方法的一部分或者全部的设备或者装置程序(例如,计算机程序和计算机程序产品)。这样的实现本发明的程序可以存储在计算机可读介质上,或者可以具有一个或者多个信号的形式。这样的信号可以从因特网网站上下载得到,或者在载体信号上提供,或者以任何其他形式提供。The various component embodiments of the present invention may be implemented in hardware, or in a software module running on one or more processors, or in a combination thereof. Those skilled in the art will appreciate that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of some or all of the components of the method and apparatus for detecting privacy security information in accordance with embodiments of the present invention. All features. The invention can also be implemented as a device or device program (e.g., a computer program and a computer program product) for performing some or all of the methods described herein. Such a program implementing the invention may be stored on a computer readable medium or may be in the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
例如,图5示出了可以实现根据本发明的一种应用隐私安全信息的检测的终端设备。该终端设备传统上包括处理器510和以存储器520形式的计算机程序产品或者计算机可读介质。存储器520可以是诸如闪存、 EEPROM(电可擦除可编程只读存储器)、EPROM、硬盘或者ROM之类的电子存储器。存储器520具有用于执行上述方法中的任何方法步骤的程序代码531的存储空间530。例如,用于程序代码的存储空间530可以包括分别用于实现上面的方法中的各种步骤的各个程序代码531。这些程序代码可以从一个或者多个计算机程序产品中读出或者写入到这一个或者多个计算机程序产品中。这些计算机程序产品包括诸如硬盘,紧致盘(CD)、存储卡或者软盘之类的程序代码载体。这样的计算机程序产品通常为如参考图6所述的便携式或者固定存储单元。该存储单元可以具有与图5的终端设备中的存储器520类似布置的存储段、存储空间等。程序代码可以例如以适当形式进行压缩。通常,存储单元包括计算机可读代码531’,即可以由例如诸如510之类的处理器读取的代码,这些代码当由终端设备运行时,导致该终端设备执行上面所描述的方法中的各个步骤。For example, FIG. 5 illustrates a terminal device that can implement detection of application privacy security information in accordance with the present invention. The terminal device conventionally includes a processor 510 and a computer program product or computer readable medium in the form of a memory 520. The memory 520 can be, for example, a flash memory, Electronic memory such as EEPROM (Electrically Erasable Programmable Read Only Memory), EPROM, hard disk or ROM. Memory 520 has a memory space 530 for program code 531 for performing any of the method steps described above. For example, storage space 530 for program code may include various program code 531 for implementing various steps in the above methods, respectively. The program code can be read from or written to one or more computer program products. These computer program products include program code carriers such as hard disks, compact disks (CDs), memory cards or floppy disks. Such computer program products are typically portable or fixed storage units as described with reference to FIG. The storage unit may have a storage section, a storage space, and the like arranged similarly to the storage 520 in the terminal device of FIG. The program code can be compressed, for example, in an appropriate form. Typically, the storage unit comprises computer readable code 531 'is a code readable by a processor, such as 510, which when executed by the terminal device causes the terminal device to perform each of the methods described above step.
应该注意的是上述实施例对本发明进行说明而不是对本发明进行限制,并且本领域技术人员在不脱离所附权利要求的范围的情况下可设计出替换实施例。在权利要求中,不应捋位于括号之间的任何参考符号构造成对权利要求的限制。单词“包含”不排除存在未列在权利要求中的元件或步骤。位于元件之前的单词“一”或“一个”不排除存在多个这样的元件。本发明可以借助于包括有若干不同元件的硬件以及借助于适当编程的计算机来实现。在列举了若干装置的单元权利要求中,这些装置中的若干个可以是通过同一个硬件项来具体体现。单词第一、第二、以及第三等的使用不表示任何顺序。可捋这些单词解释为名称。It is to be noted that the above-described embodiments are illustrative of the invention and are not intended to be limiting, and that the invention may be devised without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as a limitation. The word "comprising" does not exclude the presence of the elements or steps that are not recited in the claims. The word "a" or "an" The invention can be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In the unit claims enumerating several means, several of these means can be embodied by the same hardware item. The use of the words first, second, and third does not indicate any order. These words can be interpreted as names.
此外,还应当注意,本说明书中使用的语言主要是为了可读性和教导的目的而选择的,而不是为了解释或者限定本发明的主题而选择的。因此,在不偏离所附权利要求书的范围和精神的情况下,对于本技术领域的普通技术人员来说许多修改和变更都是显而易见的。对于本发明的范围,对本发明所做的公开是说明性的,而非限制性的,本发明的范围由所附权利要求书限定。 In addition, it should be noted that the language used in the specification has been selected for the purpose of readability and teaching, and is not intended to be construed or limited. Therefore, many modifications and changes will be apparent to those skilled in the art without departing from the scope of the invention. The disclosure of the present invention is intended to be illustrative, and not restrictive, and the scope of the invention is defined by the appended claims.

Claims (14)

  1. 一种应用隐私安全信息的检测方法,包括:A method for detecting privacy security information, including:
    获取应用的安装文件;Get the installation file of the app;
    解压所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式;Decompressing the installation file to obtain a privacy access right and a background running mode corresponding to the application;
    根据所述隐私访问权限和/或所述后台运行模式,对所述应用隐私安全信息进行检测。The application privacy security information is detected according to the privacy access right and/or the background running mode.
  2. 根据权利要求1所述的应用隐私安全信息的检测方法,其特征在于,所述解压所述安装文件,得到所述应用对应的隐私访问权限包括:The method for detecting the application of the privacy security information according to claim 1, wherein the decompressing the installation file to obtain the privacy access rights corresponding to the application comprises:
    解压所述安装文件,得到所述应用对应的可执行文件;Decompressing the installation file to obtain an executable file corresponding to the application;
    通过预置命令行工具解析所述可执行文件,得到所述应用对应的隐私访问权限。The executable file is parsed by a preset command line tool to obtain a privacy access right corresponding to the application.
  3. 根据权利要求2所述的应用隐私安全信息的检测方法,其特征在于,所述解压所述安装文件,得到所述应用对应的后台运行模式包括:The method for detecting the application of the privacy security information according to claim 2, wherein the decompressing the installation file to obtain a background operation mode corresponding to the application comprises:
    解压所述安装文件,得到所述应用的配置信息文件;Decompressing the installation file to obtain a configuration information file of the application;
    通过所述预置命令行工具从所述配置信息文件中,获取所述应用对应的后台运行模式。The background running mode corresponding to the application is obtained from the configuration information file by using the preset command line tool.
  4. 根据权利要求2所述的应用隐私安全信息的检测方法,所述解压所述安装文件,得到所述应用对应的可执行文件包括:The method for detecting the application of the privacy security information according to claim 2, wherein the decompressing the installation file to obtain the executable file corresponding to the application comprises:
    解压所述安装文件,得到配置信息文件;Decompress the installation file to obtain a configuration information file;
    从所述配置信息文件中获取所述应用对应的可执行文件名称;Obtaining, from the configuration information file, an executable file name corresponding to the application;
    根据所述可执行文件名称,从所述安装文件中获取所述应用对应的可执行文件。Obtaining an executable file corresponding to the application from the installation file according to the executable file name.
  5. 根据权利要求1所述的应用隐私安全信息的检测方法,其特征在于,所述应用为ios应用,所述根据所述隐私访问权限和所述后台运行模式对所述应用隐私安全信息进行检测包括:The method for detecting the application of the privacy security information according to claim 1, wherein the application is an ios application, and the detecting the application privacy security information according to the privacy access right and the background running mode comprises: :
    检测所述应用的隐私访问权限是否符合预置条件,并且检测所述应用对应的应用类别信息是否与预置应用类别信息相匹配,所述预置应用类别信息为ios系统中授权可执行后台运行模式的应用对应的应用类别信息。 Detecting whether the privacy access right of the application meets a preset condition, and detecting whether the application category information corresponding to the application matches the preset application category information, where the preset application category information is an authorized executable background operation in the ios system The application category information corresponding to the application of the mode.
  6. 根据权利要求5所述的应用隐私安全信息的检测方法,其特征在于,还包括:The method for detecting the application of privacy security information according to claim 5, further comprising:
    若所述应用的隐私访问权限不符合预置条件或者所述应用对应的应用类别信息与所述预置应用类别信息不匹配,则进行告警。If the privacy access right of the application does not meet the preset condition or the application category information corresponding to the application does not match the preset application category information, an alarm is generated.
  7. 一种应用隐私安全信息的检测装置,包括:A detection device for applying privacy security information, comprising:
    获取单元,用于获取应用的安装文件;An obtaining unit for obtaining an installation file of the application;
    解压单元,用于解压所述获取单元获取的所述安装文件,得到所述应用对应的隐私访问权限和后台运行模式;a decompression unit, configured to decompress the installation file obtained by the acquiring unit, to obtain a privacy access right and a background operation mode corresponding to the application;
    检测单元,用于根据所述隐私访问权限和/或所述后台运行模式,对所述应用隐私安全信息进行检测。And a detecting unit, configured to detect the application privacy security information according to the privacy access right and/or the background running mode.
  8. 根据权利要求7所述的应用隐私安全信息的检测装置,其特征在于,The apparatus for detecting privacy security information according to claim 7, wherein:
    所述解压单元,具体用于解压所述安装文件,得到所述应用对应的可执行文件;通过预置命令行工具解析所述可执行文件,得到所述应用对应的隐私访问权限。The decompression unit is configured to decompress the installation file to obtain an executable file corresponding to the application, and parse the executable file by using a preset command line tool to obtain a privacy access right corresponding to the application.
  9. 根据权利要求8所述的应用隐私安全信息的检测装置,其特征在于,所述解压单元包括:The apparatus for detecting privacy security information according to claim 8, wherein the decompression unit comprises:
    第一解压模块,用于解压所述安装文件,得到配置信息文件配置信息文件;a first decompression module, configured to decompress the installation file, and obtain a configuration information file configuration information file;
    第一获取模块,用于通过所述预置命令行工具从所述配置信息文件中,获取所述应用对应的后台运行模式。The first obtaining module is configured to obtain, by using the preset command line tool, a background running mode corresponding to the application from the configuration information file.
  10. 根据权利要求8所述的应用隐私安全信息的检测装置,所述解压单元还包括:The apparatus for detecting privacy security information according to claim 8, wherein the decompression unit further comprises:
    第二解压模块,用于解压所述安装文件,得到配置信息文件;a second decompression module, configured to decompress the installation file to obtain a configuration information file;
    第二获取模块,用于从所述第二解压模块得到的配置信息文件中,获取所述应用对应的可执行文件名称;a second obtaining module, configured to obtain, from a configuration information file obtained by the second decompression module, an executable file name corresponding to the application;
    所述第二获取模块,还用于根据所述获取的可执行文件名称,从所述安装文件中获取所述应用对应的可执行文件。The second obtaining module is further configured to obtain, according to the obtained executable file name, an executable file corresponding to the application from the installation file.
  11. 根据权利要求7所述的应用隐私安全信息的检测装置,其特征在于,所述应用为ios应用, The apparatus for detecting privacy security information according to claim 7, wherein the application is an ios application.
    所述检测单元,具体用于检测所述应用的隐私访问权限是否符合预置条件,并且检测所述应用对应的应用类别信息是否与预置应用类别信息相匹配,所述预置应用类别信息为ios系统中授权可执行后台运行模式的应用对应的应用类别信息。The detecting unit is specifically configured to detect whether the privacy access right of the application meets a preset condition, and detect whether the application category information corresponding to the application matches the preset application category information, where the preset application category information is The application category information corresponding to the application that can execute the background running mode is authorized in the ios system.
  12. 根据权利要求11所述的应用隐私安全信息的检测装置,其特征在于,所述装置还包括:The device for detecting privacy security information according to claim 11, wherein the device further comprises:
    告警单元,用于若所述应用的隐私访问权限不符合预置条件或者所述应用对应的应用类别信息与所述预置应用类别信息不匹配,则进行告警。The alarm unit is configured to perform an alarm if the privacy access right of the application does not meet the preset condition or the application category information corresponding to the application does not match the preset application category information.
  13. 一种计算机程序,包括计算机可读代码,当所述计算机可读代码在终端设备上运行时,导致所述终端设备执行根据权利要求1-6中的任一个所述的应用隐私安全信息的检测方法。A computer program comprising computer readable code causing the terminal device to perform detection of application privacy security information according to any one of claims 1-6 when the computer readable code is run on a terminal device method.
  14. 一种计算机可读介质,其中存储了如权利要求13所述的计算机程序。 A computer readable medium storing the computer program of claim 13.
PCT/CN2015/095596 2014-12-29 2015-11-26 Detection method and device for application privacy security information WO2016107343A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201410838081.2A CN105809040A (en) 2014-12-29 2014-12-29 Method and apparatus for detecting application privacy security information
CN201410838081.2 2014-12-29

Publications (1)

Publication Number Publication Date
WO2016107343A1 true WO2016107343A1 (en) 2016-07-07

Family

ID=56284184

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2015/095596 WO2016107343A1 (en) 2014-12-29 2015-11-26 Detection method and device for application privacy security information

Country Status (2)

Country Link
CN (1) CN105809040A (en)
WO (1) WO2016107343A1 (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110619219A (en) * 2019-07-31 2019-12-27 广州亚美信息科技有限公司 Application program source code protection method and device, computer equipment and storage medium
CN111597552A (en) * 2020-04-15 2020-08-28 深圳市捷顺科技实业股份有限公司 Code scanning method and terminal equipment
CN111835756A (en) * 2020-07-10 2020-10-27 深圳市网安计算机安全检测技术有限公司 APP privacy compliance detection method and device, computer equipment and storage medium

Families Citing this family (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112860550A (en) * 2021-02-01 2021-05-28 北京小米移动软件有限公司 Method, device and storage medium for detecting application privacy items

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102426639A (en) * 2011-09-26 2012-04-25 宇龙计算机通信科技(深圳)有限公司 Information safety monitoring method and device
CN103136472A (en) * 2011-11-29 2013-06-05 腾讯科技(深圳)有限公司 Method and mobile device of stopping application program to steal privacy

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413221B (en) * 2011-11-24 2014-03-12 中兴通讯股份有限公司 Method for protecting privacy information and mobile terminal
CN103368904B (en) * 2012-03-27 2016-12-28 百度在线网络技术(北京)有限公司 The detection of mobile terminal, questionable conduct and decision-making system and method
CN103049178B (en) * 2012-11-27 2015-12-02 小米科技有限责任公司 A kind of control method of mobile terminal, device and mobile terminal
CN103617380B (en) * 2013-11-28 2017-04-19 北京邮电大学 Application program authority dynamic control method and system
CN103905651A (en) * 2014-04-30 2014-07-02 北京邮电大学 Method and system for application permission management in intelligent terminal

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102426639A (en) * 2011-09-26 2012-04-25 宇龙计算机通信科技(深圳)有限公司 Information safety monitoring method and device
CN103136472A (en) * 2011-11-29 2013-06-05 腾讯科技(深圳)有限公司 Method and mobile device of stopping application program to steal privacy

Cited By (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110619219A (en) * 2019-07-31 2019-12-27 广州亚美信息科技有限公司 Application program source code protection method and device, computer equipment and storage medium
CN110619219B (en) * 2019-07-31 2021-08-24 广州亚美信息科技有限公司 Application program source code protection method and device, computer equipment and storage medium
CN111597552A (en) * 2020-04-15 2020-08-28 深圳市捷顺科技实业股份有限公司 Code scanning method and terminal equipment
CN111597552B (en) * 2020-04-15 2023-11-10 深圳市捷顺科技实业股份有限公司 Code scanning method and terminal equipment
CN111835756A (en) * 2020-07-10 2020-10-27 深圳市网安计算机安全检测技术有限公司 APP privacy compliance detection method and device, computer equipment and storage medium

Also Published As

Publication number Publication date
CN105809040A (en) 2016-07-27

Similar Documents

Publication Publication Date Title
WO2016091034A1 (en) Method and device for providing application channel packet
US20160232374A1 (en) Permission control method and apparatus
CN103632096B (en) A kind of method and apparatus that safety detection is carried out to equipment
WO2016019893A1 (en) Application installation method and apparatus
US9516056B2 (en) Detecting a malware process
WO2016015680A1 (en) Security detection method and security detection apparatus for mobile terminal input window
WO2016107343A1 (en) Detection method and device for application privacy security information
US20160063244A1 (en) Method and system for recognizing advertisement plug-ins
WO2015062389A1 (en) Method and apparatus for uninstalling system application on terminal device
US9449163B2 (en) Electronic device and method for logging in application program of the electronic device
US9202021B2 (en) License verification method and apparatus, and computer readable storage medium storing program therefor
WO2015176431A1 (en) Method and device for generating test data
CN108763951B (en) Data protection method and device
US9466310B2 (en) Compensating for identifiable background content in a speech recognition device
JP5832954B2 (en) Tag assignment device and tag assignment method
WO2018121266A1 (en) Method and device for obtaining application and terminal device
CN110532165B (en) Application program installation package characteristic detection method, device, equipment and storage medium
CN113961919B (en) Malicious software detection method and device
WO2017076051A1 (en) Method and apparatus for acquiring superuser permission
CN110727941B (en) Privacy data protection method and device, terminal equipment and storage medium
CN113449310A (en) Application program vulnerability detection method, device and equipment
CN111079125A (en) Method and device for calling third-party library dynamic lifting authority by application program
US11501016B1 (en) Digital password protection
WO2016070690A1 (en) Method, device and system for realizing communication between application and webpage on terminal device
CN113051613A (en) Privacy policy detection method and device, electronic equipment and readable storage medium

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 15875022

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 15875022

Country of ref document: EP

Kind code of ref document: A1