WO2017063424A1 - Private information leakage prevention method, device and terminal - Google Patents

Info

Publication number
WO2017063424A1
Authority
WO
WIPO (PCT)
Prior art keywords
application
data
accessing
private data
privacy
Prior art date
Application number
PCT/CN2016/091623
Other languages
French (fr)
Chinese (zh)
Inventor
古幼鹏
Original Assignee
中兴通讯股份有限公司
Priority date
Filing date
Publication date
Application filed by 中兴通讯股份有限公司
Publication of WO2017063424A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245 Protecting personal data, e.g. for financial or medical purposes

Definitions

  • This document relates to, but is not limited to, the field of information security technology, and in particular, to a method, device and terminal for preventing privacy information leakage.
  • One or more kinds of application behavior operation data are collected in the Android system, and this data is not currently being used effectively.
  • The leakage of user privacy information is an important aspect of mobile phone security.
  • Private information leakage is essentially an application illegally obtaining the user's private information and spreading it beyond the mobile phone.
  • The first method is to pre-configure one or more application security policies.
  • When an application is detected attempting to invoke a system resource, it is determined according to the pre-configured security policy whether the application has permission to invoke that system resource; if not, the application is prohibited from invoking the system resource, preventing private data from being leaked.
  • The second method adopts a client/server (C/S, Client Server) architecture, comprising a server software system and a mobile device terminal application (APP, Application) system; the mobile device terminal APP system is responsible for security information collection and policy execution.
  • The server software system is responsible for security information analysis, security policy formulation and delivery, and security control, providing unified, centralized security management for mobile devices and preventing leakage of user private data and sensitive data.
  • The above techniques do not study in depth the core issue of how security policies are formulated.
  • The related technology relies on the existing experience of users or experts to decide whether to grant an application the right to access a given resource. Because that experience is limited and lags behind, the resulting security policies are not flexible enough to adapt to the rapidly changing application security situation.
  • The embodiment of the invention provides a method, a device and a terminal for preventing privacy information leakage, which can improve the flexibility of the security policy and thereby adapt to the rapidly changing application security situation.
  • An embodiment of the present invention provides a method for preventing privacy information leakage, including:
  • Determining the application that performs a pre-propagation operation after accessing the private data includes:
  • According to the operation information recorded for one or more applications by the application behavior control service in the operating system, determining an application that performs a pre-propagation operation after accessing the private data; the recorded operation information includes: an application name, an operation type, and the time the operation was executed.
  • The pre-propagation operation includes: a data upload operation, and/or a write file operation.
  • The set condition includes one of the following:
  • The operation of accessing the private data is performed within a third set period of time after a network download operation.
  • The recorded operation information further includes: the time when the application was last refused execution of an operation;
  • The method further includes:
  • The embodiment of the invention further provides an apparatus for preventing privacy information leakage, comprising:
  • A determining module, configured to determine an application that performs a pre-propagation operation after accessing the private data
  • The judging module is configured to determine whether the timing of the application's access to the private data meets the set condition, and if the set condition is met, to present a risk prompt to the user for the application.
  • The determining module is configured to:
  • According to the operation information recorded for one or more applications by the application behavior control service in the operating system, determine an application that first accesses the private data and then performs a pre-propagation operation; the recorded operation information includes: an application name, an operation type, and the time the operation was executed;
  • The pre-propagation operation includes: a data upload operation, and/or a write file operation.
  • The judging module is configured to:
  • The operation of accessing the private data is performed within a third set period of time after a network download operation.
  • The recorded operation information further includes: the time when the application was last refused execution of an operation;
  • The judging module is further configured to:
  • An embodiment of the present invention further provides a terminal, including the foregoing apparatus for preventing privacy information leakage.
  • The embodiment of the present invention has at least the following advantages:
  • The method, device and terminal for preventing privacy information leakage use the operation behavior data collected by the system, that is, the operation information of one or more applications recorded by the application behavior control service of the operating system, and analyze the normal operation.
  • The user can be promptly warned of the risk of private data leakage, the behavior of the application can be further restricted, and the user's private data is protected from being leaked.
  • The embodiments of the present invention are also advantageous in that the user does not need professional security knowledge; the extracted features are stable and universally applicable, and the flexibility of the security policy is improved, thereby adapting to ever-changing malicious applications.
  • FIG. 1 is a flowchart of a method for preventing privacy information leakage according to a first embodiment of the present invention
  • FIG. 2 is a flowchart of a method for preventing privacy information leakage according to a second embodiment of the present invention
  • FIG. 3 is a schematic structural diagram of a device for preventing privacy information leakage according to third and fourth embodiments of the present invention.
  • A first embodiment of the present invention includes the following specific steps:
  • Step S101: determining an application that first accesses the private data and then performs a pre-propagation operation;
  • Determining the application that first accesses the private data and then performs a pre-propagation operation includes:
  • According to the operation information recorded for one or more applications by the application behavior control service in the operating system, determining an application that first accesses the private data and then performs a pre-propagation operation; the recorded operation information includes: an application name, an operation type, and the time the operation was executed, where
  • The operation type is used to determine whether the operations performed by the application are access to the private data and a pre-propagation operation
  • The time at which the operation was executed is used to judge whether the operation was actually performed, and whether the operation of accessing the private data was performed before the pre-propagation operation.
  • The pre-propagation operation includes: a data upload operation, and/or a write file operation.
  • Step S102: determining whether the timing of the application's access to the private data meets the set condition, and if the set condition is met, presenting a risk prompt to the user for the application.
  • In step S102, determining whether the timing of the application's access to the private data meets the set condition includes:
  • The operation of accessing the private data is performed within a third set period of time after a network download operation.
  • The set time periods governing the timing of different applications' access to private data may differ or may be the same, depending on the hardware and software performance of different systems, the type of application, and what is known from tracking the processing of each type of application. They are not limited in the embodiment of the present invention and can be flexibly set and adjusted when the technical solution of the embodiment is actually applied.
  • The second embodiment of the present invention is a method for preventing privacy information leakage.
  • The method in this embodiment is substantially the same as the first embodiment. The difference is that in the method of this embodiment, the recorded operation information also includes: the time when the application was last refused execution of an operation;
  • The method for preventing privacy information leakage further includes:
  • Step S103: determining whether the number of times the application's access to private data has been refused exceeds a set number, and when the set number is exceeded, presenting a risk prompt to the user for the application.
  • Steps S103 and S102 in this embodiment are based on different aspects, and there is no strict order of execution between them.
  • The methods of the first embodiment and the second embodiment of the present invention can be implemented by a terminal.
  • The third embodiment of the present invention corresponds to the first embodiment.
  • This embodiment introduces a device for preventing privacy information leakage. As shown in FIG. 3, the following components are included:
  • The determining module 301 is configured to determine an application that first accesses the private data and then performs a pre-propagation operation;
  • The determining module 301 is configured to:
  • According to the operation information recorded for one or more applications by the application behavior control service in the operating system, determine an application that first accesses the private data and then performs a pre-propagation operation; the recorded operation information includes: an application name, an operation type, and the time the operation was executed, where
  • The operation type is used to determine whether the operations performed by the application are access to the private data and a pre-propagation operation
  • The time at which the operation was executed is used to determine whether the operation was actually performed, and whether the operation of accessing the private data was performed before the pre-propagation operation;
  • The pre-propagation operation includes: a data upload operation, and/or a write file operation.
  • The judging module 302 is configured to determine whether the timing of the application's access to the private data meets the set condition, and if the set condition is met, to present a risk prompt to the user for the application.
  • The judging module 302 is configured to:
  • The operation of accessing the private data is performed within a third set period of time after a network download operation.
  • An apparatus for preventing privacy information leakage is introduced, corresponding to the second embodiment.
  • This embodiment is substantially the same as the third embodiment, except that in the apparatus of this embodiment:
  • The recorded operation information further includes: the time when the application was last refused execution of an operation;
  • The judging module 302 is further configured to:
  • A terminal can be understood as a physical device, and the terminal includes the device for preventing privacy information leakage according to the third embodiment or the fourth embodiment.
  • The sixth embodiment of the present invention is based on the above embodiments, and an application example of the present invention is described with reference to FIG.
  • The operation OP.WRITE_CONTACTS is executed by the application Com.test.mycontatct; at 171000 milliseconds, Com.test.contatct performs the operation OP_READ_CONTACTS for reading the contacts, and at 198000 milliseconds the data upload operation OP_SOCKET_SEND is performed.
  • The application Com.test.contatct monitors the contact data.
  • The application Com.test.contatct has a great risk of leaking the contacts' private data.
  • The application Com.test.call also reads the new contact data after the contact data is updated, but it does not perform a network upload operation, so its risk of leaking the contacts' private data is relatively low.
  • Step A1: detect whether the private data is accessed by an application, and if there is a set of applications (assumed to be Set1) accessing the private data, proceed to the next step;
  • Step A2: from Set1, find the application set Set2 that performs a data upload operation within the T1 time period after accessing the private data;
  • Step A3: in Set2, find applications having one of the following behaviors: an access to private data performed in the T2 time period after the application is successfully installed; an access to private data performed during the T3 time period in which the private data is updated; accesses to private data performed on a timed basis; an access to private data performed during a T4 time period with a network download operation;
  • Step A4: if an application that meets the condition is found in step A3, the application is highly likely to leak the user's private data; a risk warning is given to the user, who decides whether to prohibit the application from accessing the private data.
  • An application that leaks private data may not upload the obtained private data over the network immediately, but instead write it to a file first and upload the data saved in the file at a later time.
  • The method flow for finding an application that leaks private data is as follows:
  • Step B1: detect whether the private data is accessed by an application, and if there is a set of applications (assumed to be Set1) accessing the private data, proceed to the next step;
  • Step B2: from Set1, find the application set Set2 that performs a write file operation within the T1 time period after accessing the private data;
  • Step B3: in Set2, find applications having one of the following behaviors: an access to private data performed in the T2 time period after the application is successfully installed; an access to private data performed during the T3 time period in which the private data is updated; accesses to private data performed on a timed basis; an access to private data performed during a T4 time period with a network download operation;
  • Step B4: from the application set Set3 found in step B3 to meet the condition, find the applications that first perform a read file operation and then perform a data upload operation within the subsequent T4 time; such an application is highly likely to leak the user's private data, so a risk warning is given to the user, who decides whether to prohibit the application from accessing the private data.
  • The method, device and terminal for preventing privacy information leakage use the application operation information collected locally by the system and, by analyzing that data, discover possible private data leakage behavior.
  • Private data must be transmitted over the network to be leaked. Therefore, an application that leaks private data must exhibit an operation sequence of accessing private data followed by uploading data over the network.
  • The above operation sequence needs a trigger condition, which generally occurs after the application is installed, when the private data changes, or when a command is sent over the network. Therefore, an application that satisfies the above conditions can be considered to have a high risk of leaking private data.
  • By analyzing statistical data on the operation behavior of each application, the embodiment of the present invention discovers whether an application exhibits behavior that risks leaking private data, and thereby finds applications with a security risk.
  • The benefits of this method are: 1) users do not need professional security knowledge; 2) the features extracted by this method are stable, have universal applicability, and improve the flexibility of security policies to adapt to changing malicious applications.
  • Embodiments of the present invention also provide a computer readable storage medium storing computer executable instructions for performing any of the methods described above.
  • Each module/unit in the foregoing embodiments may be implemented in the form of hardware, for example, by an integrated circuit that implements its corresponding function, or in the form of a software function module, for example, by a processor executing a program/instructions stored in a memory to achieve its corresponding function.
  • The invention is not limited to any specific form of combination of hardware and software.

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer Security & Cryptography (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Databases & Information Systems (AREA)
  • Medical Informatics (AREA)
  • Information Transfer Between Computers (AREA)
  • Storage Device Security (AREA)
  • Computer And Data Communications (AREA)
  • Telephone Function (AREA)

Abstract

A private information leakage prevention method, device and terminal. The method comprises: determining an application that executes a pre-propagation operation after accessing private data (S101); and determining whether the timing at which the application accesses the private data satisfies a set condition, and if so, notifying a user of a risk for the application (S102).

Description

Method, device and terminal for preventing privacy information leakage
Technical field
This document relates to, but is not limited to, the field of information security technology, and in particular to a method, device and terminal for preventing privacy information leakage.
Background
The Android system collects one or more kinds of application behavior operation data, and this data is not currently being used effectively. Leakage of user privacy information is an important aspect of mobile phone security; private information leakage is essentially an application illegally obtaining the user's private information and spreading it beyond the phone.
There are currently two typical methods for preventing private data leakage. The first is to pre-configure one or more application security policies; when an application is detected attempting to invoke a system resource, it is determined according to the pre-configured security policy whether the application has permission to invoke that system resource, and if not, the application is prohibited from invoking the system resource, so as to prevent private data from being leaked. The second adopts a client/server (C/S, Client Server) architecture, comprising a server software system and a mobile device terminal application (APP, Application) system. The mobile device terminal APP system is responsible for security information collection and policy execution, while the server software system is responsible for security information analysis, security policy formulation and delivery, and security control, providing unified, centralized security management for mobile devices and preventing leakage of user private data and sensitive data.
The above techniques do not study in depth the core issue of how security policies are formulated. In general, the related technology relies on the existing experience of users or experts to decide whether to grant an application the right to access a given resource. Because the experience of users and experts is limited and lags behind, the resulting security policies are not flexible enough and cannot adapt to the rapidly changing application security situation.
Summary of the invention
The following is an overview of the subject matter described in detail in this document. This summary is not intended to limit the scope of protection of the claims.
The embodiment of the invention provides a method, a device and a terminal for preventing privacy information leakage, which can improve the flexibility of the security policy and thereby adapt to the rapidly changing application security situation.
An embodiment of the present invention provides a method for preventing privacy information leakage, including:
determining an application that performs a pre-propagation operation after accessing private data;
determining whether the timing of the application's access to the private data meets a set condition, and if the set condition is met, presenting a risk prompt to the user for the application.
Optionally, determining an application that performs a pre-propagation operation after accessing private data includes:
according to the operation information recorded for one or more applications by the application behavior control service in the operating system, determining an application that performs a pre-propagation operation after accessing private data; the recorded operation information includes: an application name, an operation type, and the time the operation was executed.
Optionally, the pre-propagation operation includes: a data upload operation, and/or a write file operation.
Optionally, the set condition includes one of the following:
the operation of accessing private data is performed within a first set time period after the application is successfully installed;
the operation of accessing private data is performed within a second set time period after the private data is updated;
the operation of accessing private data is performed on a timed basis;
the operation of accessing private data is performed within a third set time period after a network download operation.
Optionally, the recorded operation information further includes: the time when the application was last refused execution of an operation;
the method further includes:
determining whether the number of times the application's access to private data has been refused exceeds a set number, and if the set number is exceeded, presenting a risk prompt to the user for the application.
The embodiment of the invention further provides an apparatus for preventing privacy information leakage, comprising:
a determining module, configured to determine an application that performs a pre-propagation operation after accessing private data;
a judging module, configured to determine whether the timing of the application's access to the private data meets a set condition, and if the set condition is met, to present a risk prompt to the user for the application.
Optionally, the determining module is configured to:
according to the operation information recorded for one or more applications by the application behavior control service in the operating system, determine an application that first accesses private data and then performs a pre-propagation operation; the recorded operation information includes: an application name, an operation type, and the time the operation was executed;
the pre-propagation operation includes: a data upload operation, and/or a write file operation.
Optionally, the judging module is configured to:
determine whether the timing of the application's access to private data meets one of the following, and if one of the following is met, present a risk prompt to the user for the application:
the operation of accessing private data is performed within a first set time period after the application is successfully installed;
the operation of accessing private data is performed within a second set time period after the private data is updated;
the operation of accessing private data is performed on a timed basis;
the operation of accessing private data is performed within a third set time period after a network download operation.
Optionally, the recorded operation information further includes: the time when the application was last refused execution of an operation;
the judging module is further configured to:
determine whether the number of times the application's access to private data has been refused exceeds a set number, and if the set number is exceeded, present a risk prompt to the user for the application.
An embodiment of the present invention further provides a terminal, including the foregoing apparatus for preventing privacy information leakage.
With the above technical solution, the embodiment of the present invention has at least the following advantages:
The method, device and terminal for preventing privacy information leakage according to the embodiment of the present invention use the application behavior operation data collected by the system, that is, the operation information of one or more applications recorded by the application behavior control service of the operating system, to distinguish how normal applications operate on private data from how abnormal applications operate on it. The user can then be promptly warned of the risk of private data leakage, the behavior of the application can be further restricted, and the user's private data is protected from being leaked. The embodiments of the present invention are also advantageous in that the user does not need professional security knowledge; the extracted features are stable and universally applicable, and the flexibility of the security policy is improved, thereby adapting to ever-changing malicious applications.
Other aspects will be apparent upon reading and understanding the drawings and detailed description.
Brief description of the drawings
FIG. 1 is a flowchart of a method for preventing privacy information leakage according to a first embodiment of the present invention;
FIG. 2 is a flowchart of a method for preventing privacy information leakage according to a second embodiment of the present invention;
FIG. 3 is a schematic structural diagram of a device for preventing privacy information leakage according to third and fourth embodiments of the present invention.
本发明的实施方式Embodiments of the invention
为更进一步阐述本发明为达成预定目的所采取的技术手段及功效,以下结合附图及较佳实施例,对本发明进行详细说明如后。The present invention will be described in detail below with reference to the accompanying drawings and preferred embodiments.
A first embodiment of the present invention is a method for preventing private information leakage which, as shown in FIG. 1, includes the following steps:
Step S101: determine the application that performs a pre-propagation operation after first accessing private data.
Optionally, determining the application that performs a pre-propagation operation after first accessing private data includes:
determining, according to the operation information that the application behavior control service in the operating system records for one or more applications, the application that performs a pre-propagation operation after first accessing private data. The recorded operation information includes the application name, the operation type and the time at which the operation was performed, where:
the operation type is used to determine whether what the application performed was an access to private data or a pre-propagation operation;
the time at which the operation was performed is used to determine whether the operation was actually performed, and whether the access to private data was performed before the pre-propagation operation.
The pre-propagation operation includes a data upload operation and/or a file write operation.
Step S102: determine whether the timing of the application's access to private data meets a set condition and, if it does, present a risk prompt to the user for that application.
Optionally, in step S102, determining whether the timing of the application's access to private data meets the set condition includes:
determining whether the timing of the application's access to private data matches one of the following:
the access to private data is performed within a first set time period after the application is successfully installed;
the access to private data is performed within a second set time period after the private data is updated;
the access to private data is performed periodically, on a timer;
the access to private data is performed within a third set time period after a network download operation.
It should be noted that the set time periods for these different access timings may be the same or different, depending on the software and hardware performance of the system, the type of application, and what is known from tracking the processing of each type of application. The embodiments of the present invention do not limit them; they can be set and adjusted flexibly when the technical solution is applied in practice.
A second embodiment of the present invention is a method for preventing private information leakage. The method of this embodiment is substantially the same as that of the first embodiment, the difference being that in this embodiment the recorded operation information further includes the time at which the application was last refused permission to perform the operation.
As shown in FIG. 2, the method for preventing private information leakage further includes:
Step S103: determine whether the number of times the application's access to private data has been refused exceeds a set number and, if it does, present a risk prompt to the user for that application.
It should be noted that in this embodiment steps S103 and S102 make their determinations on different grounds, so there is no strict order of execution between them.
The methods of the first and second embodiments of the present invention can be implemented by a terminal.
A third embodiment of the present invention corresponds to the first embodiment and describes an apparatus for preventing private information leakage which, as shown in FIG. 3, includes the following components:
1) A determining module 301, configured to determine the application that performs a pre-propagation operation after first accessing private data.
Optionally, the determining module 301 is configured to:
determine, according to the operation information that the application behavior control service in the operating system records for one or more applications, the application that performs a pre-propagation operation after first accessing private data. The recorded operation information includes the application name, the operation type and the time at which the operation was performed, where:
the operation type is used to determine whether what the application performed was an access to private data or a pre-propagation operation;
the time at which the operation was performed is used to determine whether the operation was actually performed, and whether the access to private data was performed before the pre-propagation operation.
The pre-propagation operation includes a data upload operation and/or a file write operation.
2) A judging module 302, configured to determine whether the timing of the application's access to private data meets a set condition and, if it does, to present a risk prompt to the user for that application.
Optionally, the judging module 302 is configured to:
determine whether the timing of the application's access to private data matches one of the following and, if it does, present a risk prompt to the user for the application:
the access to private data is performed within a first set time period after the application is successfully installed;
the access to private data is performed within a second set time period after the private data is updated;
the access to private data is performed periodically, on a timer;
the access to private data is performed within a third set time period after a network download operation.
A fourth embodiment of the present invention corresponds to the second embodiment and describes an apparatus for preventing private information leakage. This embodiment is substantially the same as the third embodiment, the difference being that in the apparatus of this embodiment the recorded operation information further includes the time at which the application was last refused permission to perform the operation.
The judging module 302 is further configured to:
determine whether the number of times the application's access to private data has been refused exceeds a set number and, if it does, present a risk prompt to the user for that application.
A fifth embodiment of the present invention is a terminal, which can be understood as a physical device; the terminal includes the apparatus for preventing private information leakage described in the third or fourth embodiment.
A sixth embodiment of the present invention builds on the embodiments above and describes an application example of the invention with reference to FIG. 4.
Take the Android system as an example. Android has an AppOpsService, an application behavior control service, which records operation information for each application, including: the application name packageName, the operation type mOp, the operation mode mMode, the time mTime at which the application last performed mOp, the time mRejectTime at which the application was last refused permission to perform the operation, and the duration mDuration of the operation. Table 1 illustrates a set of application operation data collected on an Android system. In this embodiment, the time at which an application performed mOp is all that is needed to decide whether the behavior conditions in step A3 below are met.
Table 1
Application name, time of operation (ms), operation type
Com.test.mycontact, 170000, OP_WRITE_CONTACTS
Com.test.contact, 171000, OP_READ_CONTACTS
Com.test.call, 185000, OP_READ_CONTACTS
Com.test.contact, 190000, OP_RECEIVE_SMS
Com.test.contact, 198000, OP_SOCKET_SEND
Table 1 shows that at 170000 ms the application Com.test.mycontact performed OP_WRITE_CONTACTS, an update of the contact data; at 171000 ms Com.test.contact performed OP_READ_CONTACTS, a read of the contacts; and at 198000 ms it performed OP_SOCKET_SEND, a data upload. This sequence shows that Com.test.contact is monitoring the contact data: once the contact data changed, that is, once Com.test.mycontact had updated it, Com.test.contact read the contact data immediately (within 1 second) and then, not long afterwards (198000-171000 = within 27 seconds), performed a network upload. There is therefore good reason to believe that this application continuously monitors the user's contact data, reading and uploading the latest data as soon as it changes, and that Com.test.contact poses a high risk of leaking private contact data. Table 1 also shows that Com.test.call read the new contact data after it was updated, but it performed no network upload, so the risk that it leaks private contact data is comparatively low.
Based on the example above of a higher-risk application, the following process for preventing private information leakage is proposed. It includes these steps:
Step A1: detect whether private data has been accessed by applications. If a set of applications (call it Set1) has accessed private data, go to the next step.
Step A2: from Set1, find the set of applications Set2 that performed a data upload operation within a time period T1 after accessing the private data.
Step A3: in Set2, find the applications that show one of the following behaviors: an access to private data performed within a time period T2 after the application was successfully installed; an access to private data performed within a time period T3 of the private data being updated; an access to private data performed periodically, on a timer; an access to private data performed within a time period T4 of a network download operation.
Step A4: if step A3 finds an application that meets the conditions, that application is very likely to leak the user's private data. Present a risk prompt to the user and let the user decide whether to revoke the application's permission to access the private data.
On top of the core algorithm above, the accuracy and robustness of the method can be improved as follows.
Supplementary implementation case: an application that leaks private data may not upload the data it has obtained over the network straight away. Instead it may first write the data to a file and upload the data saved in that file at some later time. In this case, the process for finding the application that leaks private data is as follows:
Step B1: detect whether private data has been accessed by applications. If a set of applications (call it Set1) has accessed private data, go to the next step.
Step B2: from Set1, find the set of applications Set2 that performed a file write operation within the time period T1 after accessing the private data.
Step B3: in Set2, find the applications that show one of the following behaviors: an access to private data performed within the time period T2 after the application was successfully installed; an access to private data performed within the time period T3 of the private data being updated; an access to private data performed periodically, on a timer; an access to private data performed within the time period T4 of a network download operation.
Step B4: take the set of applications Set3 that step B3 found to meet the conditions, and in that set find the applications that first performed a file read operation and then performed a data upload operation within the following time T4. Such an application is very likely to leak the user's private data. Present a risk prompt to the user and let the user decide whether to revoke the application's permission to access the private data.
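Steps A1 to A4 and B1 to B4 can be run directly over records shaped like Table 1. The following is an added example, not code from the patent: the threshold values T1 to T4, the install-time input, and the use of OP_WRITE_EXTERNAL_STORAGE and OP_READ_EXTERNAL_STORAGE as the "write file" and "read file" operations are assumptions, and only the install and data-update triggers of step A3/B3 are implemented.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class OpRecord:
    package: str   # packageName
    time_ms: int   # mTime, in milliseconds
    op: str        # mOp

# Table 1 as given on the page.
TABLE_1 = [
    OpRecord("Com.test.mycontact", 170000, "OP_WRITE_CONTACTS"),
    OpRecord("Com.test.contact", 171000, "OP_READ_CONTACTS"),
    OpRecord("Com.test.call", 185000, "OP_READ_CONTACTS"),
    OpRecord("Com.test.contact", 190000, "OP_RECEIVE_SMS"),
    OpRecord("Com.test.contact", 198000, "OP_SOCKET_SEND"),
]

# Constructed sample for the staged case (B1-B4); package name is hypothetical.
STAGED_SAMPLE = [
    OpRecord("com.example.notes", 1000, "OP_READ_CONTACTS"),
    OpRecord("com.example.notes", 3000, "OP_WRITE_EXTERNAL_STORAGE"),
    OpRecord("com.example.notes", 900000, "OP_READ_EXTERNAL_STORAGE"),
    OpRecord("com.example.notes", 905000, "OP_SOCKET_SEND"),
]

READ_OPS = {"OP_READ_CONTACTS"}                  # access to private data
UPDATE_OPS = {"OP_WRITE_CONTACTS"}               # private data updated
UPLOAD_OPS = {"OP_SOCKET_SEND"}                  # data upload, as named in Table 1
FILE_WRITE_OPS = {"OP_WRITE_EXTERNAL_STORAGE"}   # assumed stand-in for "write file"
FILE_READ_OPS = {"OP_READ_EXTERNAL_STORAGE"}     # assumed stand-in for "read file"

# Assumed thresholds; the patent leaves T1-T4 to the implementer.
T1_MS, T2_MS, T3_MS, T4_MS = 60_000, 60_000, 5_000, 60_000

def _first_after(records, package, ops, start_ms, window_ms):
    """First record of `package` with an op in `ops` in (start, start + window]."""
    for r in records:
        if (r.package == package and r.op in ops
                and start_ms < r.time_ms <= start_ms + window_ms):
            return r
    return None

def _staged_upload(records, package, access_ms):
    """B2 + B4: file write within T1 of the access, then a later file read
    that is followed by an upload within T4."""
    write = _first_after(records, package, FILE_WRITE_OPS, access_ms, T1_MS)
    if write is None:
        return False
    return any(
        r.package == package and r.op in FILE_READ_OPS
        and r.time_ms > write.time_ms
        and _first_after(records, package, UPLOAD_OPS, r.time_ms, T4_MS)
        for r in records
    )

def _trigger(records, access, install_ms):
    """A3/B3: return the trigger condition the access matches, or None."""
    installed = install_ms.get(access.package)
    if installed is not None and 0 <= access.time_ms - installed <= T2_MS:
        return "accessed within T2 of install"
    for r in records:
        if r.op in UPDATE_OPS and 0 < access.time_ms - r.time_ms <= T3_MS:
            return "accessed within T3 of data update"
    return None

def find_risky_apps(records, install_ms=None):
    """Return {package: (propagation path, trigger)} for apps to warn about."""
    install_ms = install_ms or {}
    records = sorted(records, key=lambda r: r.time_ms)
    findings = {}
    for access in records:
        if access.op not in READ_OPS:            # A1/B1: private-data accesses
            continue
        if _first_after(records, access.package, UPLOAD_OPS,
                        access.time_ms, T1_MS):  # A2: upload within T1
            path = "direct upload"
        elif _staged_upload(records, access.package, access.time_ms):
            path = "staged via file"
        else:
            continue                             # no pre-propagation seen
        reason = _trigger(records, access, install_ms)
        if reason:                               # A4/B4: prompt the user
            findings.setdefault(access.package, (path, reason))
    return findings

if __name__ == "__main__":
    for pkg, (path, reason) in find_risky_apps(TABLE_1).items():
        print(f"risk prompt: {pkg}: {path}, {reason}")
```

On Table 1 only Com.test.contact is reported; Com.test.call reads the contacts but has no upload or file write, so it never enters Set2.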
The method, apparatus and terminal for preventing private information leakage according to the embodiments of the present invention use the application operation data that the system collects locally, and analyze that data to discover possible leakage of private data. The reasoning is as follows. Private data has to be transmitted over the network before it can be leaked, so an application that leaks private data must exhibit an operation sequence of accessing private data and then uploading data over the network. In addition, this sequence needs a trigger condition, typically: after the application is installed, when the private data changes, on a timer, or on a command delivered over the network. An application that satisfies these conditions can therefore be considered to carry a high risk of leaking private data.
By analyzing statistics on each application's operation behavior, the embodiments of the present invention find applications that are a security hazard by discovering whether an application shows behavior that risks leaking private data. The benefits of this method are: 1) the user does not need professional security knowledge; 2) the features the method extracts are stable and generally applicable, which makes the security policy more flexible and so able to adapt to constantly changing malicious applications.
The embodiments of the present invention also provide a computer-readable storage medium storing computer-executable instructions for performing any of the methods described above.
Those of ordinary skill in the art will understand that all or some of the steps of the above methods can be carried out by a program instructing the relevant hardware (for example a processor), and that the program can be stored in a computer-readable storage medium such as a read-only memory, a magnetic disk or an optical disc. Optionally, all or some of the steps of the above embodiments can also be implemented with one or more integrated circuits. Accordingly, each module/unit in the above embodiments can be implemented in hardware, for example by an integrated circuit that realizes its function, or as a software function module, for example by a processor executing programs/instructions stored in memory to realize its function. The present invention is not limited to any particular combination of hardware and software.
The description of the specific embodiments should give a deeper and more concrete understanding of the technical means adopted by the present invention to achieve its intended purpose, and of their effects. The accompanying drawings, however, are provided only for reference and illustration and are not intended to limit the present invention.
Industrial Applicability
The above technical solution makes the security policy more flexible and so able to adapt to constantly changing malicious applications.

Claims (10)

  1. A method for preventing private information leakage, comprising:
    determining an application that performs a pre-propagation operation after accessing private data;
    determining whether the timing of the application's access to private data meets a set condition and, if the set condition is met, presenting a risk prompt for the application.
  2. The method for preventing private information leakage according to claim 1, wherein determining the application that performs a pre-propagation operation after accessing private data comprises:
    determining, according to operation information recorded for one or more applications by an application behavior control service in the operating system, the application that performs a pre-propagation operation after accessing private data; the recorded operation information comprising: an application name, an operation type and a time at which the operation was performed.
  3. The method for preventing private information leakage according to claim 2, wherein the recorded operation information further comprises: a time at which the application was last refused permission to perform the operation;
    the method further comprising:
    determining whether the number of times the application's access to private data has been refused exceeds a set number and, if the set number is exceeded, presenting a risk prompt for the application.
  4. The method for preventing private information leakage according to claim 1 or 2, wherein the pre-propagation operation comprises: a data upload operation and/or a file write operation.
  5. The method for preventing private information leakage according to claim 1, wherein the set condition comprises one of the following:
    the access to private data is performed within a first set time period after the application is successfully installed;
    the access to private data is performed within a second set time period after the private data is updated;
    the access to private data is performed periodically, on a timer;
    the access to private data is performed within a third set time period after a network download operation.
  6. An apparatus for preventing private information leakage, comprising:
    a determining module, configured to determine an application that performs a pre-propagation operation after accessing private data;
    a judging module, configured to determine whether the timing of the application's access to private data meets a set condition and, if the set condition is met, to present a risk prompt for the application.
  7. The apparatus for preventing private information leakage according to claim 6, wherein the determining module is configured to:
    determine, according to operation information recorded for one or more applications by an application behavior control service in the operating system, the application that performs a pre-propagation operation after accessing private data; the recorded operation information comprising: an application name, an operation type and a time at which the operation was performed;
    the pre-propagation operation comprising: a data upload operation and/or a file write operation.
  8. The apparatus for preventing private information leakage according to claim 7, wherein the recorded operation information further comprises: a time at which the application was last refused permission to perform the operation;
    the judging module being further configured to:
    determine whether the number of times the application's access to private data has been refused exceeds a set number and, if the set number is exceeded, present a risk prompt for the application.
  9. The apparatus for preventing private information leakage according to claim 6, wherein the judging module is configured to:
    determine whether the timing of the application's access to private data matches one of the following and, if it does, present a risk prompt to the user for the application:
    the access to private data is performed within a first set time period after the application is successfully installed;
    the access to private data is performed within a second set time period after the private data is updated;
    the access to private data is performed periodically, on a timer;
    the access to private data is performed within a third set time period after a network download operation.
  10. A terminal, comprising the apparatus for preventing private information leakage according to any one of claims 6 to 9.
Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN201510665083.0 2015-10-15
CN201510665083.0A CN106599709B (en) 2015-10-15 2015-10-15 Method, device and terminal for preventing privacy information leakage

Publications (1)

Publication Number Publication Date
WO2017063424A1 true WO2017063424A1 (en) 2017-04-20

Family

ID=58517747

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2016/091623 WO2017063424A1 (en) 2015-10-15 2016-07-25 Private information leakage prevention method, device and terminal

Country Status (2)

Country Link
CN (1) CN106599709B (en)
WO (1) WO2017063424A1 (en)

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426435A (en) * 2017-08-04 2017-12-01 晶赞广告(上海)有限公司 For the method and system for controlling sensitive data to ask
CN111404890A (en) * 2020-03-05 2020-07-10 北京字节跳动网络技术有限公司 Flow data detection method, system, storage medium and electronic device
CN112100623A (en) * 2020-08-21 2020-12-18 百度在线网络技术(北京)有限公司 Risk assessment method, device and equipment of machine learning model and storage medium
CN113326502A (en) * 2021-06-27 2021-08-31 刘秀萍 Android application classification authorization method for quantitative evaluation of suspicious behaviors

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107403092B (en) * 2017-07-27 2019-12-13 中国人民大学 Mobile phone APP privacy risk quantitative evaluation method
CN110968889A (en) * 2018-09-30 2020-04-07 中兴通讯股份有限公司 Data protection method, equipment, device and computer storage medium
CN109922044B (en) * 2019-01-25 2021-07-13 努比亚技术有限公司 Application marking method, application downloading method, electronic equipment and storage medium
CN111753328B (en) * 2020-06-03 2023-03-17 支付宝(杭州)信息技术有限公司 Private data leakage risk detection method and system
CN112230935B (en) * 2020-11-03 2022-07-01 支付宝(杭州)信息技术有限公司 Privacy risk detection method, device and equipment in application
CN112565266A (en) * 2020-12-07 2021-03-26 深信服科技股份有限公司 Information leakage attack detection method and device, electronic equipment and storage medium
CN114884993B (en) * 2022-05-07 2023-12-22 杭州天宽科技有限公司 Virtualized android system for enhancing data security

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102413221A (en) * 2011-11-24 2012-04-11 中兴通讯股份有限公司 Method for protecting privacy information and mobile terminal
US20120222120A1 (en) * 2011-02-24 2012-08-30 Samsung Electronics Co. Ltd. Malware detection method and mobile terminal realizing the same
CN103716313A (en) * 2013-12-24 2014-04-09 中国科学院信息工程研究所 User privacy information protection method and user privacy information protection system
CN104281808A (en) * 2014-09-25 2015-01-14 中国科学院信息工程研究所 Universal detection method for malicious act of Android system
CN104462973A (en) * 2014-12-18 2015-03-25 上海斐讯数据通信技术有限公司 System and method for detecting dynamic malicious behaviors of application program in mobile terminal

Family Cites Families (17)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP4016787B2 (en) * 2002-07-31 2007-12-05 日本電気株式会社 Positioning system in mobile communication network
JP2005293504A (en) * 2004-04-05 2005-10-20 Sony Corp Program, computer and data processing method
CN100579202C (en) * 2007-07-24 2010-01-06 深圳市同洲电子股份有限公司 Digital television time lock controlling equipment and method
CN101533365A (en) * 2009-04-16 2009-09-16 唐郡 Computer system, maintenance method and device thereof
CN102104679A (en) * 2010-12-09 2011-06-22 中兴通讯股份有限公司 Method and device for preventing mobile terminal from being used by invalid user
CN103136472B (en) * 2011-11-29 2016-08-31 腾讯科技(深圳)有限公司 A kind of anti-application program steals method and the mobile device of privacy
CN103581909B (en) * 2012-07-31 2016-12-21 华为技术有限公司 The localization method of a kind of doubtful mobile phone Malware and device thereof
CN103024744B (en) * 2012-12-24 2015-08-05 百度在线网络技术(北京)有限公司 The method and system of the authentication of mobile terminal
CN203027335U (en) * 2012-12-29 2013-06-26 南京理工大学常熟研究院有限公司 Mobile terminal access privacy monitoring device
CN103067592A (en) * 2012-12-29 2013-04-24 南京理工大学常熟研究院有限公司 Intelligent terminal visit privacy monitoring method and system
CN103618696B (en) * 2013-11-07 2017-04-19 北京奇虎科技有限公司 Method and server for processing cookie information
CN104702424A (en) * 2013-12-05 2015-06-10 中国联合网络通信集团有限公司 Network behavior monitoring method and device
CN103679028A (en) * 2013-12-06 2014-03-26 深圳酷派技术有限公司 Software behavior monitoring method and terminal
CN104331644B (en) * 2014-11-24 2017-08-04 北京邮电大学 A kind of transparent encipher-decipher method of intelligent terminal file
CN104579847B (en) * 2015-01-22 2018-05-29 网易(杭州)网络有限公司 The monitoring method and equipment of communication information
CN104869239A (en) * 2015-04-30 2015-08-26 努比亚技术有限公司 Display control method and device for terminal information
CN104881616B (en) * 2015-06-29 2018-09-25 北京金山安全软件有限公司 Privacy information storage method and device based on application program

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107426435A (en) * 2017-08-04 2017-12-01 晶赞广告(上海)有限公司 For the method and system for controlling sensitive data to ask
CN111404890A (en) * 2020-03-05 2020-07-10 北京字节跳动网络技术有限公司 Flow data detection method, system, storage medium and electronic device
CN111404890B (en) * 2020-03-05 2022-07-05 北京字节跳动网络技术有限公司 Flow data detection method, system, storage medium and electronic device
CN112100623A (en) * 2020-08-21 2020-12-18 百度在线网络技术(北京)有限公司 Risk assessment method, device and equipment of machine learning model and storage medium
CN112100623B (en) * 2020-08-21 2023-12-22 百度在线网络技术(北京)有限公司 Risk assessment method, apparatus, device and storage medium for machine learning model
CN113326502A (en) * 2021-06-27 2021-08-31 刘秀萍 Android application classification authorization method for quantitative evaluation of suspicious behaviors

Also Published As

Publication number Publication date
CN106599709A (en) 2017-04-26
CN106599709B (en) 2021-08-17

Legal Events

Date Code Title Description
121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 16854806

Country of ref document: EP

Kind code of ref document: A1

NENP Non-entry into the national phase

Ref country code: DE

122 Ep: pct application non-entry in european phase

Ref document number: 16854806

Country of ref document: EP

Kind code of ref document: A1