WO2018045564A1 - Auxiliary service management method and apparatus - Google Patents
- Publication number
- WO2018045564A1 (PCT/CN2016/098590)
- Authority
- WO
- WIPO (PCT)
- Prior art keywords
- application
- identifier
- list
- auxiliary service
- blacklist
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2149—Restricted operating environment
Definitions
- the embodiments of the present invention relate to the field of information security, and in particular, to an auxiliary service management method and apparatus.
- the accessibility service is a service provided to people with disabilities in the Android system. People with disabilities include blind people, deaf people, and people with physical disabilities.
- an embodiment of the present invention provides an auxiliary service management method and apparatus.
- the technical solution is as follows:
- an auxiliary service management method comprising:
- an authorization management interface of the auxiliary service is displayed, where the authorization management interface includes an identifier of the target application, and the target application is an application filtered by a blacklist and/or a whitelist corresponding to the auxiliary service;
- the authorization management interface is a user interface for the user to grant the target application the rights provided by the auxiliary service.
- the method further includes:
- the first application list includes an identifier of at least one first application, and the first application is an application that requests permission provided by the auxiliary service;
- the filtering of the identifier of the first application according to the blacklist to obtain the identifier of the target application includes:
- the identifier of the first application is determined as an identifier of the target application.
- the filtering of the identifier of the first application according to the whitelist list to obtain the identifier of the target application includes:
- the method further includes:
- the method further includes:
- the second application list including an identifier of the at least one second application, the second application being an application that has been granted the permission provided by the auxiliary service;
- the canceling the granted permission of the second application according to the blacklist list includes:
- the granted authority of the second application is cancelled by the authorization management process.
- the canceling the granted permission of the second application according to the whitelist list comprises:
- the granted authority of the second application is cancelled by the authorization management process.
- the method further includes:
- the target application included in the authorization management interface is set by the cloud server.
- the setting, by the cloud server, the target application included in the authorization management interface includes:
- the blacklist and/or the whitelist is downloaded from the cloud server according to a predetermined time rule, and the blacklist and/or the whitelist is a list updated by the cloud server.
- an auxiliary service management apparatus comprising:
- an interface display module configured to display, when the application requirement for the rights provided by the auxiliary service is met, an authorization management interface of the auxiliary service, where the authorization management interface includes an identifier of the target application, and the target application is an application filtered by a blacklist and/or a whitelist corresponding to the auxiliary service;
- the authorization management interface is a user interface for the user to grant the target application the rights provided by the auxiliary service.
- the apparatus further includes:
- a first obtaining module configured to obtain a first application list, where the first application list includes an identifier of at least one first application, and the first application is an application that requests permission provided by the auxiliary service;
- the first filtering module is configured to filter the identifier of the first application according to the blacklist list and/or the whitelist list to obtain an identifier of the target application.
- the first filtering module includes:
- a first detecting unit configured to detect whether the identifier of the first application belongs to the blacklist
- a first determining unit configured to determine, when the identifier of the first application does not belong to the blacklist, an identifier of the first application as an identifier of the target application.
- the first filtering module includes:
- a second detecting unit configured to detect whether the identifier of the first application belongs to the whitelist list
- a second determining unit configured to determine, when the identifier of the first application belongs to the whitelist, an identifier of the first application as an identifier of the target application.
- the apparatus further includes:
- An instruction receiving module configured to receive, by using the authorization management interface, an authorization instruction of the user to the target application
- a permission granting module configured to grant the target application the permission provided by the auxiliary service according to the authorization instruction.
- the apparatus further includes:
- a second obtaining module configured to obtain a second application list, where the second application list includes an identifier of the at least one second application, and the second application is an application that has been granted the permission provided by the auxiliary service;
- a permission cancellation module configured to cancel the granted permission of the second application according to the blacklist and/or the whitelist.
- the permission cancellation module includes:
- a third detecting unit configured to detect whether the identifier of the second application belongs to the blacklist
- a first canceling unit configured to cancel, by the authorization management process, the granted permission of the second application, if the identifier of the second application belongs to the blacklist.
- the permission cancellation module includes:
- a fourth detecting unit configured to detect whether the identifier of the second application belongs to the whitelist list
- a second canceling unit configured to cancel, by the authorization management process, the granted authority of the second application, if the identifier of the second application does not belong to the whitelist.
- the apparatus further includes:
- a setting module configured to set, by the cloud server, a target application included in the authorization management interface.
- the setting module includes:
- a list downloading unit configured to download the blacklist and/or the whitelist from a cloud server according to a predetermined time rule, where the blacklist and/or the whitelist is a list updated by the cloud server.
- an auxiliary service management apparatus including:
- a memory for storing executable instructions of the processor
- the processor is configured to:
- an authorization management interface of the auxiliary service is displayed, where the authorization management interface includes an identifier of the target application, and the target application is an application filtered by a blacklist and/or a whitelist corresponding to the auxiliary service;
- the authorization management interface is a user interface for the user to grant the target application the rights provided by the auxiliary service.
- the target application is obtained by filtering applications using the blacklist and/or the whitelist corresponding to the auxiliary service, and the target application is displayed in the authorization management interface; this solves the problem that a malicious application applies to the Android system for the auxiliary service and then uses the simulated click function to perform malicious operations without the user's knowledge; applications can be filtered, the identifiers of the filtered non-malicious applications are displayed in the authorization management interface, the identifiers of malicious applications are shielded, and the user is prevented from granting the permissions provided by the auxiliary service to a malicious application, which improves the security of the operating system.
- FIG. 1 is a schematic diagram of an auxiliary function interface according to an embodiment of the present invention.
- FIG. 2A is a flowchart of an auxiliary service management method according to an embodiment of the present invention.
- FIG. 2B is a schematic diagram of an auxiliary service management interface according to an embodiment of the present invention.
- FIG. 3A is a flowchart of an auxiliary service management method according to another embodiment of the present invention.
- FIG. 3B is a schematic diagram of an auxiliary service management interface according to another embodiment of the present invention.
- FIG. 3C is a schematic diagram of an auxiliary service management interface according to another embodiment of the present invention.
- FIG. 4A is a flowchart of an auxiliary service management method according to another embodiment of the present invention.
- FIG. 4B is a schematic diagram of an auxiliary service management interface according to another embodiment of the present invention.
- FIG. 5A is a flowchart of an auxiliary service management method according to another embodiment of the present invention.
- FIG. 5B is a schematic diagram of an auxiliary service management interface according to another embodiment of the present invention.
- FIG. 5C is a schematic diagram of an auxiliary service management interface according to another embodiment of the present invention.
- FIG. 6A is a flowchart of an auxiliary service management method according to another embodiment of the present invention.
- FIG. 6B is a schematic diagram of an auxiliary service management interface according to another embodiment of the present invention.
- FIG. 7 is a structural block diagram of an auxiliary service management apparatus according to an embodiment of the present invention.
- FIG. 8 is a structural block diagram of an auxiliary service management apparatus according to another embodiment of the present invention.
- FIG. 9 is a schematic structural diagram of a terminal according to an embodiment of the present invention.
- the terminal can be a mobile phone, a tablet computer, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a wearable device, a laptop computer, a desktop computer, and the like.
- the terminal runs an Android operating system, referred to as an Android system.
- the Android operating system provides accessibility services (the auxiliary service), also known as accessibility or accessibility assistance.
- a setting interface for the auxiliary service is usually provided in the system setting interface of the Android system.
- the setting interface is an authorization management interface of the auxiliary service.
- multiple applications can be run in the terminal, and the application can apply for the rights provided by the auxiliary service to the operating system of the terminal.
- the auxiliary service is provided with a right for implementing the voice prompt function, a right for implementing the physical feedback function, a right for implementing the simulated click function, and a right for implementing the text enlargement function.
- after the application requests access to the auxiliary service from the Android system, it can use the various permissions provided by the auxiliary service.
- among the various permissions provided by the auxiliary service there is a right to implement the simulated click function, and the simulated click function is a function for helping the blind to click on the screen.
- the program command can be used to simulate the user's click signal on the user interface, thereby controlling the controls displayed on the user interface.
- a user interface 100 corresponding to an auxiliary function is provided in a system setting interface of the Android system.
- the user interface 100 corresponding to the auxiliary function displays all applications that can apply for or have applied for the rights of the auxiliary service.
- there are malicious applications that apply to the Android system for the auxiliary service and use the simulated click function to perform malicious operations without the user's knowledge.
- the malicious operations include: obtaining permissions without authorization, uninstalling competing applications, and modifying the system settings of the operating system.
- FIG. 2A is a schematic diagram of an interface of an auxiliary service management method according to an embodiment of the present invention. This embodiment is described by using the auxiliary service management method in the terminal.
- the auxiliary service management method can include the following steps:
- Step 202 Determine whether an application requirement of the permission of the auxiliary service is met
- the application requirement is that the application declares a predetermined code in the installation package file, the predetermined code being the code used to request the permissions provided by the auxiliary service.
- Step 204 When the application requirement for the permission of the auxiliary service is met, the authorization management interface of the auxiliary service is displayed, where the authorization management interface includes the identifier of the target application, and the target application is an application filtered by the blacklist and/or the whitelist corresponding to the auxiliary service;
- the authorization management interface is a user interface for the user to grant the target application the rights provided by the auxiliary service.
- the identity of the target application is the package name of the target application.
- the auxiliary service management interface 210 displays the application's identifier 001, the application's identifier 002, the application's identifier 003, and the application's identifier 004.
- the identifier 001 of the application, the identifier 002 of the application, the identifier 003 of the application, and the identifier 004 of the application identify applications filtered by the blacklist and/or the whitelist corresponding to the auxiliary service.
- the auxiliary service management method obtains the target application by filtering applications using the blacklist and/or the whitelist corresponding to the auxiliary service, and displays the target application in the authorization management interface.
- this solves the problem of malicious operations being performed without the user's knowledge using the simulated click function; applications can be filtered, and the authorization management interface displays the filtered content.
- FIG. 3A shows a flowchart of an auxiliary service management method provided by another embodiment of the present invention. This embodiment is described by using the auxiliary service management method in the terminal.
- the auxiliary service management method can include the following steps:
- Step 301 The terminal receives a trigger signal.
- the trigger signal is a signal for displaying an authorization management interface of the auxiliary service.
- Step 302 The terminal acquires a blacklist corresponding to the auxiliary service.
- the terminal pre-stores a blacklist list, where the blacklist list stores the identifier of the malicious application.
- a malicious application is a program that performs malicious actions using the permissions provided by the auxiliary service.
- the identity of the application is used to uniquely identify the application.
- the identity of the application is the package name of the application.
- Step 303 The terminal acquires a first application list, where the first application list includes an identifier of at least one first application, and the first application is an application that requests permission provided by the auxiliary service.
- Auxiliary services are services provided by the Android system for people with disabilities.
- the first application in the first application list declares a predetermined code in the installation package file, which is a code for requesting the permissions provided by the auxiliary service.
- the Android system obtains the first application list by calling the AccessibilityManager.getInstalledAccessibilityServiceList() function.
- the first application in the first application list is usually an application that has not applied for the permission provided by the auxiliary service, or an application that has been granted the permission provided by the auxiliary service (such as being authorized in an older version of the operating system).
- the first application list L01 includes an identifier A of the first application, an identifier B of the first application, an identifier C of the first application, an identifier D of the first application, an identifier E of the first application, and an identifier F of the first application.
- Step 304 The terminal detects whether the identifier of the first application belongs to the blacklist.
- the blacklist list includes the identity of the malicious application.
- the blacklist list includes the identifier of the malicious application: the identifier B of the first application and the identifier E of the first application.
- the blacklist is pre-stored in the terminal, or the terminal downloads the blacklist from the server.
- the blacklist is updated according to a preset time interval.
- the terminal traverses the identifier of the first application in the first application list, and detects whether the identifier of the first application belongs to the blacklist.
- Step 305 If the identifier of the first application does not belong to the blacklist, the terminal determines the identifier of the first application as the identifier of the target application.
- the target application is an application that is filtered by the blacklist of the auxiliary service.
- the target application is a non-malicious application.
- the terminal determines by traversal that the identifier A of the first application, the identifier C of the first application, the identifier D of the first application, and the identifier F of the first application do not belong to the blacklist, and the terminal determines the identifier A of the first application, the identifier C of the first application, the identifier D of the first application, and the identifier F of the first application as identifiers of the target application.
- Step 306 The terminal displays an authorization management interface of the auxiliary service, where the authorization management interface includes an identifier of the target application.
- the target application is an application filtered by a blacklist corresponding to the auxiliary service; the authorization management interface is a user interface for the user to grant the target application the right provided by the auxiliary service.
- the terminal shields and does not display the identity of the first application that belongs to the blacklist.
- the terminal displays an authorization management interface 300 of the auxiliary service, where the authorization management interface 300 includes the identifier A of the first application, the identifier C of the first application, the identifier D of the first application, and the identifier F of the first application. The terminal shields and does not display the identifier B of the first application and the identifier E of the first application.
- the user can perform related operations according to the guidance of the authorization management interface, as follows:
- Step 307 The terminal receives an authorization instruction of the user for the target application through the authorization management interface.
- the user clicks the identifier A of the first application in the authorization management interface 300 to enter the interface 003 corresponding to the identifier A of the first application. The authorization management button a is provided in the interface 003, and the user clicks the authorization management button a, triggering the terminal to authorize the identifier A of the first application.
- the authorization grants the first application the permission provided by the auxiliary service.
- an authorization instruction is used to grant or cancel permissions.
- Step 308 The terminal grants the target application the permission provided by the auxiliary service according to the authorization instruction.
- the terminal grants the game application the right to "automatically install a new version from now on." Since then, the game application has the ability to automatically install new versions using the simulated click function.
- the blacklist list is a list stored in advance in the terminal, or the blacklist list is a list collected and constantly updated in the cloud server.
- Step 309 The terminal downloads a blacklist from the cloud server according to a predetermined time rule, where the blacklist is a list updated by the cloud server.
- the predetermined time rule includes a fixed time interval and/or an unfixed time interval.
- the terminal updates the existing blacklist list by using the blacklist list downloaded by the cloud server.
- in the auxiliary service management method, in the process of applying for the permission provided by the auxiliary service, the target application is obtained by filtering applications using the blacklist corresponding to the auxiliary service, and the target application is displayed in the authorization management interface; this solves the problem that a malicious application applies to the Android system for the auxiliary service and then uses the simulated click function to perform malicious operations without the user's knowledge; applications can be filtered, the identifiers of the filtered non-malicious applications are displayed in the authorization management interface, the identifiers of malicious applications are shielded, and the user is prevented from granting the permission provided by the auxiliary service to a malicious application, thereby improving the security of the operating system.
- the blacklist is updated through the cloud server, which improves the accuracy of blocking malicious applications.
- FIG. 4A shows a flowchart of an auxiliary service management method provided by another embodiment of the present invention. This embodiment is described by using the auxiliary service management method in the terminal.
- the auxiliary service management method can include the following steps:
- Step 401 The terminal receives a trigger signal.
- the trigger signal is a signal for displaying an authorization management interface of the auxiliary service.
- Step 402 The terminal acquires a whitelist corresponding to the auxiliary service.
- the terminal pre-stores a whitelist list, where the whitelist list stores the identifier of the non-malicious application.
- a non-malicious application is a program that performs normal operations using the permissions provided by the auxiliary service.
- the identity of the application is used to uniquely identify the application.
- the identity of the application is the package name of the application.
- Step 403 The terminal acquires a first application list, where the first application list includes an identifier of at least one first application, and the first application is an application that requests permission provided by the auxiliary service.
- Auxiliary services are services provided by the Android system for people with disabilities.
- the first application in the first application list declares a predetermined code in the installation package file, which is a code for requesting the permissions provided by the auxiliary service.
- the Android system obtains the first application list by calling the AccessibilityManager.getInstalledAccessibilityServiceList() function.
- the first application in the first application list is usually an application that has not applied for the permission provided by the auxiliary service, or an application that has been granted the permission provided by the auxiliary service (such as being authorized in an older version of the operating system).
- the first application list L02 includes an identifier X of the first application, an identifier Y of the first application, an identifier Z of the first application, an identifier O of the first application, an identifier P of the first application, and an identifier Q of the first application.
- Step 404 The terminal detects whether the identifier of the first application belongs to the whitelist.
- the whitelist includes the identity of the non-malicious application.
- the white list includes the identifier of the non-malicious application: the identifier X of the first application, the identifier Y of the first application, the identifier Z of the first application, and the identifier O of the first application.
- the whitelist is pre-stored in the terminal, or the terminal downloads the whitelist from the server.
- the whitelist is updated according to a preset time interval.
- the terminal traverses the identifier of the first application in the first application list, and detects whether the identifier of the first application belongs to the whitelist.
- Step 405 If the identifier of the first application belongs to the whitelist, the terminal determines the identifier of the first application as the identifier of the target application.
- the target application is an application that is filtered by the whitelist corresponding to the auxiliary service.
- the terminal determines by traversal that the identifier X of the first application, the identifier Y of the first application, the identifier Z of the first application, and the identifier O of the first application belong to the whitelist.
- the terminal determines the identifier X of the first application, the identifier Y of the first application, the identifier Z of the first application, and the identifier O of the first application as the identifier of the target application.
- Step 406 The terminal displays an authorization management interface of the auxiliary service, where the authorization management interface includes an identifier of the target application.
- the target application is an application filtered by the whitelist corresponding to the auxiliary service; the authorization management interface is a user interface for the user to grant the target application the right provided by the auxiliary service.
- the terminal shields and does not display the identity of the first application that does not belong to the whitelist.
- the terminal displays an authorization management interface 400 of the auxiliary service, where the authorization management interface 400 includes an identifier X of the first application, an identifier Y of the first application, an identifier Z of the first application, and an identifier O of the first application. The terminal shields and does not display the identifier P of the first application and the identifier Q of the first application.
- the user can perform related operations according to the guidance of the authorization management interface, as follows:
- Step 407 The terminal receives an authorization instruction of the user for the target application through the authorization management interface.
- the authorization grants the first application the permission provided by the auxiliary service.
- Step 408 The terminal grants the target application the permission provided by the auxiliary service according to the authorization instruction.
- the terminal grants the game application the right to "automatically install a new version from now on." Since then, the game application has the ability to automatically install new versions using the simulated click function.
- the whitelist list is a list stored in advance in the terminal, or the whitelist list is a list collected and constantly updated in the cloud server.
- Step 409 The terminal downloads a whitelist list from the cloud server according to a predetermined time rule, where the whitelist list is a list updated by the cloud server.
- the predetermined time rule includes a fixed time interval and/or an unfixed time interval.
- the terminal updates the existing whitelist list by using the whitelist list downloaded by the cloud server.
- in the auxiliary service management method, in the process of applying for the permission provided by the auxiliary service, the target application is obtained by filtering applications using the whitelist corresponding to the auxiliary service, and the target application is displayed in the authorization management interface; this solves the problem that a malicious application applies to the Android system for the auxiliary service and then uses the simulated click function to perform malicious operations without the user's knowledge; applications can be filtered, the identifiers of the filtered non-malicious applications are displayed in the authorization management interface, the identifiers of malicious applications are shielded, and the user is prevented from granting the permission provided by the auxiliary service to a malicious application, thereby improving the security of the operating system.
- the whitelist is updated through the cloud server, which improves the accuracy of blocking malicious applications.
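The display-side filtering of steps 304 to 306 and 404 to 406, together with the timed list update of steps 309 and 409, can be modelled as follows. This is an added example, not code from the patent: the identifiers are the letters used in the embodiments (on a device they would be package names), while `ListStore`, the `fetch` callable, the 24-hour interval, giving the blacklist precedence when both lists are present, and keeping the previous list when a download fails are all assumptions.

```python
from dataclasses import dataclass
from typing import Callable, FrozenSet, Iterable, List, Optional, Tuple

# (blacklist, whitelist) as returned by a download; None means "not supplied".
Lists = Tuple[Optional[FrozenSet[str]], Optional[FrozenSet[str]]]

# Constructed sample data taken from the embodiments' figures.
L01 = ["A", "B", "C", "D", "E", "F"]   # first application list, blacklist case
L02 = ["X", "Y", "Z", "O", "P", "Q"]   # first application list, whitelist case


def filter_targets(first_apps: Iterable[str],
                   blacklist: Optional[FrozenSet[str]] = None,
                   whitelist: Optional[FrozenSet[str]] = None,
                   ) -> Tuple[List[str], List[str]]:
    """Split the first application list into (shown, hidden) identifiers.

    Blacklist mode shows every identifier that is NOT on the blacklist, so an
    unknown application is shown. Whitelist mode shows only identifiers that
    ARE on the whitelist, so an unknown application is hidden. With both lists
    an identifier must pass both checks (assumption: blacklist wins).
    """
    if blacklist is None and whitelist is None:
        # Assumption: without any list the caller must decide what to do;
        # silently showing everything would defeat the filter.
        raise ValueError("no blacklist or whitelist available")
    shown: List[str] = []
    hidden: List[str] = []
    for ident in first_apps:
        on_blacklist = blacklist is not None and ident in blacklist
        passes_whitelist = whitelist is None or ident in whitelist
        if passes_whitelist and not on_blacklist:
            shown.append(ident)    # becomes a target application
        else:
            hidden.append(ident)   # shielded from the authorization interface
    return shown, hidden


@dataclass
class ListStore:
    """Hypothetical holder for the terminal's pre-stored lists."""
    blacklist: Optional[FrozenSet[str]] = None
    whitelist: Optional[FrozenSet[str]] = None
    refreshed_at: float = 0.0
    interval_s: float = 24 * 3600.0   # assumed fixed time interval

    def refresh(self, now: float, fetch: Callable[[], Lists]) -> bool:
        """Replace the stored lists with the cloud copy when the interval elapsed.

        Returns True only if an update was applied. A failed download keeps
        the previous lists so a network error never empties the blacklist.
        """
        if now - self.refreshed_at < self.interval_s:
            return False
        try:
            new_black, new_white = fetch()
        except OSError:
            return False
        if new_black is not None:
            self.blacklist = frozenset(new_black)
        if new_white is not None:
            self.whitelist = frozenset(new_white)
        self.refreshed_at = now
        return True

    def targets(self, first_apps: Iterable[str]) -> Tuple[List[str], List[str]]:
        return filter_targets(first_apps, self.blacklist, self.whitelist)


if __name__ == "__main__":
    print(filter_targets(L01, blacklist=frozenset("BE")))
    print(filter_targets(L02, whitelist=frozenset("XYZO")))
```

The two modes differ on applications that appear on neither list: the blacklist embodiment displays them, the whitelist embodiment hides them.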
- auxiliary service management method can include the following steps:
- Step 501 After an OTA upgrade, the terminal obtains a blacklist corresponding to the auxiliary service.
- after an OTA (Over-the-Air Technology) upgrade, the terminal obtains the blacklist corresponding to the auxiliary service from the OTA upgrade package.
- the blacklist stores the identity of the malicious application.
- a malicious application is a program that performs malicious actions using the permissions provided by the secondary service.
- the identity of the application is used to uniquely identify the application.
- the identity of the application is the package name of the application.
- Step 502 The terminal acquires a second application list, where the second application list includes an identifier of the at least one second application, and the second application is an application that has been granted the permission provided by the auxiliary service.
- Auxiliary services are services provided by the Android system for people with disabilities.
- the second application in the second application list is typically an application that has been granted permissions granted by the secondary service (such as being authorized in an older version of the operating system).
- the second application V has been granted the "Automatically install new version from now on” permission.
- the second application list L03 includes an identification K of the second application, an identification J of the second application, an identification H of the second application, and an identification G of the second application.
- Step 503 The terminal detects whether the identifier of the second application belongs to the blacklist.
- the blacklist list includes the identity of the malicious application. As shown in FIG. 5B, the blacklist list includes the identifier of the malicious application: the identifier G of the second application.
- the blacklist is pre-stored in the terminal, or the terminal downloads the blacklist from the server.
- the blacklist is updated according to a preset time interval.
- the terminal traverses the identifier of the second application in the second application list, and detects whether the identifier of the second application belongs to the blacklist.
- Step 504 If the identifier of the second application belongs to the blacklist, the terminal cancels the granted permission of the second application by the authorization management process.
- Cancelling a granted permission for a second application means that the second application no longer has granted permissions.
- the second application G has the privilege "automatically install a new version from here", and after canceling the granted privilege, the second application G no longer has the privilege of "automatically installing a new version from here".
- the terminal maintains authorization for the second application that does not belong to the blacklist.
- the terminal traverses to obtain that the identifier G of the second application belongs to the blacklist list, and cancels the authority that the second application G has granted.
- the terminal maintains the authorization of the second application K, the second application J, and the second application H.
- the management terminal terminal displays an authorization management interface 500 of the auxiliary service.
- the authorization management interface 500 includes an identifier K of the second application, an identifier J of the second application, and an identifier H of the second application.
- the management terminal terminal terminal shields and does not display the identifier G of the second application.
- the original authorization management interface 005 includes the identifier K of the second application, the identifier J of the second application, the identifier H of the second application, and the identifier G of the second application, and cancels the second application.
- the authorization management interface 500 includes the identifier K of the second application, the identifier J of the second application, and the identifier H of the second application.
- This embodiment can be implemented in combination with the embodiments shown in Figures 2A, 3A and 4A above.
- the auxiliary service management method filters the application that has been granted the permission provided by the auxiliary service by using the blacklist corresponding to the auxiliary service to obtain the target application, and displays the target application in the authorization management interface.
- the program solves the problem that the malicious application applies the auxiliary service to the Android system, and uses the simulated click function to perform malicious operations without the user's knowledge; and the application that can grant the permission provided by the auxiliary service is achieved.
- FIG. 6A shows a flowchart of an auxiliary service management method according to another embodiment of the present invention. This embodiment is described with the auxiliary service management method applied in a terminal.
- The auxiliary service management method can include the following steps:
- Step 601: After an OTA upgrade, the terminal acquires a whitelist corresponding to the auxiliary service.
- After the OTA (Over-the-Air Technology) upgrade, the terminal obtains the whitelist from the OTA upgrade package.
- The whitelist stores the identifiers of non-malicious applications.
- A non-malicious application is a program that performs normal operations using the permission provided by the auxiliary service.
- The identifier of an application is used to uniquely identify the application.
- The identifier of an application is the package name of the application.
- Step 602: The terminal acquires a second application list, where the second application list includes an identifier of at least one second application, and the second application is an application that has been granted the permission provided by the auxiliary service.
- The auxiliary service is a service provided by the Android system for people with disabilities.
- A second application in the second application list is typically an application that has already been granted the permission provided by the auxiliary service (for example, one that was authorized in an older version of the operating system).
- The second application list L04 includes an identifier W of the second application, an identifier I of the second application, an identifier U of the second application, an identifier T of the second application, and an identifier R of the second application.
- Step 603: The terminal detects whether the identifier of the second application belongs to the whitelist.
- The whitelist includes the identifiers of non-malicious applications. As shown in FIG. 6B, the whitelist includes the identifiers of the non-malicious applications: the identifier U of the second application, the identifier T of the second application, and the identifier R of the second application.
- The whitelist is pre-stored in the terminal, or the terminal downloads the whitelist from the server.
- The whitelist is updated according to a preset time interval.
- Step 604: If the identifier of the second application does not belong to the whitelist, the terminal cancels the granted permission of the second application through the authorization management process.
- The target application is an application obtained after filtering by the whitelist corresponding to the auxiliary service.
- The terminal keeps the authorization of second applications that belong to the whitelist.
- By traversal, the terminal finds that the identifier W of the second application and the identifier I of the second application do not belong to the whitelist, and cancels the permissions that have been granted to the second application W and the second application I.
- The terminal keeps the authorization of the second application U, the second application T, and the second application R.
- The terminal displays an authorization management interface 600 of the auxiliary service.
- The authorization management interface 600 includes the identifier U of the second application, the identifier T of the second application, and the identifier R of the second application.
- The terminal shields and does not display the identifier W of the second application and the identifier I of the second application.
- This embodiment can be implemented in combination with the embodiments shown in FIG. 2A, FIG. 3A and FIG. 4A above.
- The auxiliary service management method filters the applications that have been granted the permission provided by the auxiliary service using the whitelist corresponding to the auxiliary service to obtain the target application, and displays the target application in the authorization management interface.
- This solves the problem that a malicious application, after applying to the Android system for the auxiliary service permission, uses the simulated click function to perform malicious operations without the user's knowledge. The applications that have been granted the permission provided by the auxiliary service are filtered, the permissions of applications that do not belong to the whitelist are cancelled, and the authorization management interface displays the identifiers of the filtered non-malicious applications and shields the identifiers of malicious applications, which prevents the user from granting the permission provided by the auxiliary service to a malicious application and thereby improves the security of the operating system.
- FIG. 7 is a structural block diagram of an auxiliary service management apparatus according to an embodiment of the present invention.
- The auxiliary service management apparatus may be implemented as part or all of a terminal by software, hardware, or a combination of both.
- The auxiliary service management apparatus may include:
- The requirement determining module 720, configured to determine whether the application requirement for the permission of the auxiliary service is met;
- The interface display module 740, configured to display an authorization management interface of the auxiliary service when the application requirement for the permission provided by the auxiliary service is met, where the authorization management interface includes an identifier of the target application, and the target application is an application obtained after filtering by a blacklist and/or a whitelist corresponding to the auxiliary service;
- The authorization management interface is a user interface for the user to grant the target application the permission provided by the auxiliary service.
- The auxiliary service management apparatus obtains the target application by filtering applications using the blacklist and/or the whitelist corresponding to the auxiliary service, and displays the target application in the authorization management interface.
- This solves the problem of malicious operations being performed without the user's knowledge using the simulated click function; applications can be filtered, and the authorization management interface displays the filtered content.
- FIG. 8 is a structural block diagram of an auxiliary service management apparatus according to another embodiment of the present invention.
- The auxiliary service management apparatus may be implemented as part or all of a terminal by software, hardware, or a combination of both.
- The auxiliary service management apparatus may include:
- The interface display module 820, configured to display an authorization management interface of the auxiliary service when the application requirement for the permission provided by the auxiliary service is met, where the authorization management interface includes an identifier of the target application, and the target application is an application obtained after filtering by a blacklist and/or a whitelist corresponding to the auxiliary service;
- The authorization management interface is a user interface for the user to grant the target application the permission provided by the auxiliary service.
- The apparatus also includes:
- The first obtaining module 830, configured to obtain a first application list, where the first application list includes an identifier of at least one first application, and the first application is an application that applies for the permission provided by the auxiliary service;
- The first filtering module 840, configured to filter the identifiers of the first applications according to the blacklist and/or the whitelist to obtain the identifier of the target application.
- The first filtering module 840 includes:
- The first detecting unit 841, configured to detect whether the identifier of the first application belongs to the blacklist;
- The first determining unit 842, configured to determine the identifier of the first application as the identifier of the target application if the identifier of the first application does not belong to the blacklist.
- The first filtering module 840 includes:
- The second detecting unit 843, configured to detect whether the identifier of the first application belongs to the whitelist;
- The second determining unit 844, configured to determine the identifier of the first application as the identifier of the target application if the identifier of the first application belongs to the whitelist.
- The apparatus also includes:
- The instruction receiving module 850, configured to receive, through the authorization management interface, the user's authorization instruction for the target application;
- The permission granting module 860, configured to grant the target application the permission provided by the auxiliary service according to the authorization instruction.
- The apparatus also includes:
- The second obtaining module 870, configured to obtain a second application list, where the second application list includes an identifier of at least one second application, and the second application is an application that has been granted the permission provided by the auxiliary service;
- The permission cancellation module 880, configured to cancel the granted permission of the second application according to the blacklist and/or the whitelist.
- The permission cancellation module 880 includes:
- The third detecting unit 881, configured to detect whether the identifier of the second application belongs to the blacklist;
- The first canceling unit 882, configured to cancel the granted permission of the second application through the authorization management process if the identifier of the second application belongs to the blacklist.
- The permission cancellation module 880 includes:
- The fourth detecting unit 883, configured to detect whether the identifier of the second application belongs to the whitelist;
- The second canceling unit 884, configured to cancel the granted permission of the second application through the authorization management process if the identifier of the second application does not belong to the whitelist.
- The apparatus also includes:
- The setting module 890, configured to set, through a cloud server, the target applications included in the authorization management interface.
- The setting module 890 includes:
- The list downloading unit 891, configured to download the blacklist and/or the whitelist from the cloud server according to a predetermined time rule, where the blacklist and/or the whitelist are lists that have been updated in the cloud server.
- The auxiliary service management apparatus obtains the target application by filtering applications using the blacklist and/or the whitelist corresponding to the auxiliary service, and displays the target application in the authorization management interface.
- This solves the problem of malicious operations being performed without the user's knowledge using the simulated click function; applications can be filtered, and the authorization management interface displays the filtered content.
- The apparatus also filters the applications that have been granted the permission provided by the auxiliary service using the blacklist and/or the whitelist corresponding to the auxiliary service to obtain the target application, and displays the target application in the authorization management interface. The applications that have been granted the permission are filtered, the permissions of applications that belong to the blacklist and/or do not belong to the whitelist are cancelled, and the authorization management interface displays the identifiers of the filtered non-malicious applications and shields the identifiers of malicious applications, which improves the security of the operating system.
- The blacklist and/or whitelist are updated through the cloud server, which improves the accuracy of blocking malicious applications.
- FIG. 9 shows a block diagram of a terminal 900 provided by an embodiment of the present invention.
- The terminal may include a radio frequency (RF) circuit 901, a memory 902 including one or more computer readable storage media, an input unit 903, a display unit 904, a sensor 905, an audio circuit 906, a wireless fidelity (WiFi, Wireless Fidelity) module 907, a processor 908 including one or more processing cores, a power supply 909, and the like. It will be understood by those skilled in the art that the terminal structure shown in FIG. 9 does not constitute a limitation on the terminal, which may include more or fewer components than those illustrated, combine some components, or use a different arrangement of components. Specifically:
- The RF circuit 901 can be used to receive and transmit signals while information is being received or sent; in particular, after receiving downlink information from a base station, it hands the information to one or more processors 908 for processing, and it also transmits uplink data to the base station.
- The RF circuit 901 includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a Subscriber Identity Module (SIM) card, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and the like.
- The wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and the like.
- The memory 902 can be used to store software programs and modules, and the processor 908 executes various functional applications and data processing by running the software programs and modules stored in the memory 902.
- The memory 902 may mainly include a program storage area and a data storage area, where the program storage area may store an operating system, an application required for at least one function (such as a sound playing function or an image playing function), and the like; the data storage area may store data created according to the use of the terminal (such as audio data or a phone book).
- The memory 902 can include high-speed random access memory, and can also include non-volatile memory, such as at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device. Accordingly, the memory 902 may also include a memory controller to provide the processor 908 and the input unit 903 with access to the memory 902.
- The input unit 903 can be configured to receive input numeric or character information and to generate keyboard, mouse, joystick, optical or trackball signal inputs related to user settings and function controls.
- The input unit 903 can include a touch-sensitive surface as well as other input devices.
- A touch-sensitive surface, also known as a touch screen or trackpad, collects the user's touch operations on or near it (such as operations performed by the user on or near the touch-sensitive surface with a finger, a stylus, or any other suitable object or accessory) and drives the corresponding connected device according to a preset program.
- The touch-sensitive surface may include two parts: a touch detection device and a touch controller.
- The touch detection device detects the touch orientation of the user, detects the signal produced by the touch operation, and transmits the signal to the touch controller; the touch controller receives the touch information from the touch detection device, converts it into contact coordinates, sends them to the processor 908, and can receive and execute commands from the processor 908. In addition, the touch-sensitive surface can be implemented in a variety of types, such as resistive, capacitive, infrared, and surface acoustic wave.
- The input unit 903 can also include other input devices. Specifically, other input devices may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control buttons and switch buttons), trackballs, mice, joysticks, and the like.
- The display unit 904 can be used to display information entered by the user or information provided to the user, as well as the various graphical user interfaces of the terminal, which can be composed of graphics, text, icons, video, and any combination thereof.
- The display unit 904 is configured to display an authorization management interface of the auxiliary service, and the authorization management interface includes an identifier of the target application.
- The display unit 904 can include a display panel.
- The display panel can be configured in the form of a Liquid Crystal Display (LCD), an Organic Light-Emitting Diode (OLED), or the like.
- The touch-sensitive surface can cover the display panel. When the touch-sensitive surface detects a touch operation on or near it, the operation is transmitted to the processor 908 to determine the type of the touch event, and the processor 908 then provides a corresponding visual output on the display panel according to the type of the touch event.
- Although the touch-sensitive surface and the display panel are implemented as two separate components to implement input and output functions, in some embodiments the touch-sensitive surface can be integrated with the display panel to implement input and output functions.
- The terminal may also include at least one type of sensor 905, such as a light sensor, a motion sensor, and other sensors.
- The light sensor may include an ambient light sensor and a proximity sensor, where the ambient light sensor may adjust the brightness of the display panel according to the brightness of the ambient light, and the proximity sensor may turn off the display panel and/or the backlight when the terminal is moved to the ear.
- The gravity acceleration sensor can detect the magnitude of acceleration in all directions (usually three axes). When it is stationary, it can detect the magnitude and direction of gravity.
- The terminal can also be configured with gyroscopes, barometers, hygrometers, thermometers, infrared sensors and other sensors, which are not described here again.
- The audio circuit 906, a speaker, and a microphone provide an audio interface between the user and the terminal.
- On the one hand, the audio circuit 906 can transmit the electrical signal converted from audio data to the speaker, which converts it into a sound signal for output; on the other hand, the microphone converts the collected sound signal into an electrical signal, which the audio circuit 906 receives and converts into audio data. After the audio data is output to the processor 908 for processing, it is sent, for example, to another terminal via the RF circuit 901, or output to the memory 902 for further processing.
- The audio circuit 906 may also include an earbud jack to provide communication between a peripheral earphone and the terminal.
- WiFi is a short-range wireless transmission technology.
- Through the WiFi module 907, the terminal can help users send and receive e-mail, browse web pages, and access streaming media. It provides wireless broadband Internet access for users.
- Although FIG. 9 shows the WiFi module 907, it can be understood that it is not a necessary component of the terminal and may be omitted as needed without changing the essence of the invention.
- The processor 908 is the control center of the terminal. It connects the various parts of the entire handset using various interfaces and lines, and performs the various functions of the terminal and processes data by running or executing the software programs and/or modules stored in the memory 902 and invoking the data stored in the memory 902, thereby monitoring the handset as a whole.
- The processor 908 may include one or more processing cores; preferably, the processor 908 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, the user interface, applications, and the like.
- The modem processor primarily handles wireless communications. It will be appreciated that the modem processor may also not be integrated into the processor 908.
- The terminal also includes a power source 909 (such as a battery) that supplies power to the various components.
- The power source can be logically coupled to the processor 908 through a power management system, so that functions such as charging, discharging, and power consumption management are handled through the power management system.
- The power source 909 may also include any one or more of a DC or AC power source, a recharging system, a power failure detection circuit, a power converter or inverter, a power status indicator, and the like.
- The terminal may further include a Bluetooth module or the like, and details are not described here again.
- The processor 908 in the terminal runs one or more program instructions stored in the memory 902, thereby implementing the auxiliary service management method provided in the foregoing method embodiments.
- The program may be stored in a computer readable storage medium, and the storage medium may include: Read Only Memory (ROM), Random Access Memory (RAM), a magnetic disk or an optical disk.
- A person skilled in the art may understand that all or part of the steps of the above embodiments may be completed by hardware, or by a program instructing the related hardware, and the program may be stored in a computer readable storage medium.
- The storage medium mentioned may be a read-only memory, a magnetic disk, an optical disk, or the like.
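The filtering and revocation steps described above (steps 304 to 305 for the authorization management interface, steps 503 to 504 and 603 to 604 for existing grants) can be modelled as follows. This is an added Python sketch, not code from the patent: the class and method names are hypothetical, the single-letter identifiers stand in for package names as in the figures, and repeating the list check when an authorization instruction arrives is an assumption beyond the text, which only describes hiding identifiers from the interface.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Set, Tuple


@dataclass(frozen=True)
class ListPolicy:
    """Blacklist and/or whitelist corresponding to the auxiliary service.

    None means the list is not in use. An empty whitelist is still in use
    and allows nothing.
    """
    blacklist: Optional[FrozenSet[str]] = None
    whitelist: Optional[FrozenSet[str]] = None

    def allows(self, app_id: str) -> bool:
        # With both lists in use, a blacklist hit wins over a whitelist hit.
        if self.blacklist is not None and app_id in self.blacklist:
            return False
        if self.whitelist is not None and app_id not in self.whitelist:
            return False
        return True


class AuxiliaryServiceManager:
    """Hypothetical model of the terminal's authorization management process."""

    def __init__(self, policy: ListPolicy, granted: Iterable[str] = ()):
        self.policy = policy
        self.granted: Set[str] = set(granted)  # the "second application list"

    def target_apps(self, first_app_list: Iterable[str]) -> List[str]:
        """Steps 304-305: identifiers shown in the authorization interface."""
        seen: Set[str] = set()
        targets: List[str] = []
        for app_id in first_app_list:
            if app_id not in seen and self.policy.allows(app_id):
                targets.append(app_id)
            seen.add(app_id)
        return targets

    def grant(self, app_id: str, first_app_list: Iterable[str]) -> bool:
        """Handle an authorization instruction for one application.

        Assumption: the check is repeated here, so an identifier that was
        never displayed cannot be granted by a request that bypasses the UI.
        """
        if app_id not in self.target_apps(first_app_list):
            return False
        self.granted.add(app_id)
        return True

    def revoke_disallowed(self) -> Tuple[List[str], List[str]]:
        """Steps 503-504 and 603-604: returns (kept, revoked), both sorted."""
        revoked = sorted(a for a in self.granted if not self.policy.allows(a))
        self.granted.difference_update(revoked)
        return sorted(self.granted), revoked

    def update_policy(self, new_policy: ListPolicy) -> List[str]:
        """Install lists from an OTA package or cloud download, then re-check
        every existing grant against them. Returns the revoked identifiers."""
        self.policy = new_policy
        return self.revoke_disallowed()[1]


if __name__ == "__main__":
    # Identifiers as in FIG. 3B, FIG. 5B and FIG. 6B of the page.
    ui = AuxiliaryServiceManager(ListPolicy(blacklist=frozenset({"B", "E"})))
    print("displayed:", ui.target_apps(["A", "B", "C", "D", "E", "F"]))
    ota_black = AuxiliaryServiceManager(
        ListPolicy(blacklist=frozenset({"G"})), granted=["K", "J", "H", "G"])
    print("blacklist (kept, revoked):", ota_black.revoke_disallowed())
    ota_white = AuxiliaryServiceManager(
        ListPolicy(whitelist=frozenset({"U", "T", "R"})),
        granted=["W", "I", "U", "T", "R"])
    print("whitelist (kept, revoked):", ota_white.revoke_disallowed())
```

Keeping "list not in use" (`None`) distinct from "list in use but empty" matters for the whitelist variant: a failed or empty download must not silently turn into "allow everything".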
Abstract
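An auxiliary service management method and apparatus, relating to the field of information security. The method includes: determining whether the application requirement for the permission of the auxiliary service is met (202); and when the application requirement for the permission of the auxiliary service is met, displaying an authorization management interface of the auxiliary service, where the authorization management interface includes an identifier of a target application, and the target application is an application obtained after filtering by a blacklist and/or a whitelist corresponding to the auxiliary service (204). The method can filter applications, shield malicious applications, and prevent the user from granting the permission provided by the auxiliary service to a malicious application, thereby improving the security of the operating system.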
Description
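Embodiments of the present invention relate to the field of information security, and in particular to an auxiliary service management method and apparatus.
The auxiliary service (accessibility service) is a service provided in the Android system for people with disabilities. People with disabilities include blind people, deaf-mute people, people with physical impairments, and so on.
Summary of the Invention
To solve the problems in the related art, embodiments of the present invention provide an auxiliary service management method and apparatus. The technical solutions are as follows:
In a first aspect, an auxiliary service management method is provided, the method including:
when the application requirement for the permission provided by the auxiliary service is met, displaying an authorization management interface of the auxiliary service, where the authorization management interface includes an identifier of a target application, and the target application is an application obtained after filtering by a blacklist and/or a whitelist corresponding to the auxiliary service;
where the authorization management interface is a user interface for the user to grant the target application the permission provided by the auxiliary service.
In one embodiment, the method further includes:
obtaining a first application list, where the first application list includes an identifier of at least one first application, and the first application is an application that applies for the permission provided by the auxiliary service;
filtering the identifier of the first application according to the blacklist and/or the whitelist to obtain the identifier of the target application.
In one embodiment, filtering the identifier of the first application according to the blacklist to obtain the identifier of the target application includes:
detecting whether the identifier of the first application belongs to the blacklist;
if the identifier of the first application does not belong to the blacklist, determining the identifier of the first application as the identifier of the target application.
In one embodiment, filtering the identifier of the first application according to the whitelist to obtain the identifier of the target application includes:
detecting whether the identifier of the first application belongs to the whitelist;
if the identifier of the first application belongs to the whitelist, determining the identifier of the first application as the identifier of the target application.
In one embodiment, the method further includes:
receiving, through the authorization management interface, the user's authorization instruction for the target application;
granting the target application the permission provided by the auxiliary service according to the authorization instruction.
In one embodiment, the method further includes:
obtaining a second application list, where the second application list includes an identifier of at least one second application, and the second application is an application that has been granted the permission provided by the auxiliary service;
cancelling the granted permission of the second application according to the blacklist and/or the whitelist.
In one embodiment, cancelling the granted permission of the second application according to the blacklist includes:
detecting whether the identifier of the second application belongs to the blacklist;
if the identifier of the second application belongs to the blacklist, cancelling the granted permission of the second application through the authorization management process.
In one embodiment, cancelling the granted permission of the second application according to the whitelist includes:
detecting whether the identifier of the second application belongs to the whitelist;
if the identifier of the second application does not belong to the whitelist, cancelling the granted permission of the second application through the authorization management process.
In one embodiment, the method further includes:
setting, through a cloud server, the target applications included in the authorization management interface.
In one embodiment, setting, through the cloud server, the target applications included in the authorization management interface includes:
downloading the blacklist and/or the whitelist from the cloud server according to a predetermined time rule, where the blacklist and/or the whitelist are lists that have been updated in the cloud server.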
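In a second aspect, an auxiliary service management apparatus is provided, the apparatus including:
an interface display module, configured to display an authorization management interface of the auxiliary service when the application requirement for the permission provided by the auxiliary service is met, where the authorization management interface includes an identifier of a target application, and the target application is an application obtained after filtering by a blacklist and/or a whitelist corresponding to the auxiliary service;
where the authorization management interface is a user interface for the user to grant the target application the permission provided by the auxiliary service.
In one embodiment, the apparatus further includes:
a first obtaining module, configured to obtain a first application list, where the first application list includes an identifier of at least one first application, and the first application is an application that applies for the permission provided by the auxiliary service;
a first filtering module, configured to filter the identifier of the first application according to the blacklist and/or the whitelist to obtain the identifier of the target application.
In one embodiment, the first filtering module includes:
a first detecting unit, configured to detect whether the identifier of the first application belongs to the blacklist;
a first determining unit, configured to determine the identifier of the first application as the identifier of the target application if the identifier of the first application does not belong to the blacklist.
In one embodiment, the first filtering module includes:
a second detecting unit, configured to detect whether the identifier of the first application belongs to the whitelist;
a second determining unit, configured to determine the identifier of the first application as the identifier of the target application if the identifier of the first application belongs to the whitelist.
In one embodiment, the apparatus further includes:
an instruction receiving module, configured to receive, through the authorization management interface, the user's authorization instruction for the target application;
a permission granting module, configured to grant the target application the permission provided by the auxiliary service according to the authorization instruction.
In one embodiment, the apparatus further includes:
a second obtaining module, configured to obtain a second application list, where the second application list includes an identifier of at least one second application, and the second application is an application that has been granted the permission provided by the auxiliary service;
a permission cancellation module, configured to cancel the granted permission of the second application according to the blacklist and/or the whitelist.
In one embodiment, the permission cancellation module includes:
a third detecting unit, configured to detect whether the identifier of the second application belongs to the blacklist;
a first canceling unit, configured to cancel the granted permission of the second application through the authorization management process if the identifier of the second application belongs to the blacklist.
In one embodiment, the permission cancellation module includes:
a fourth detecting unit, configured to detect whether the identifier of the second application belongs to the whitelist;
a second canceling unit, configured to cancel the granted permission of the second application through the authorization management process if the identifier of the second application does not belong to the whitelist.
In one embodiment, the apparatus further includes:
a setting module, configured to set, through a cloud server, the target applications included in the authorization management interface.
In one embodiment, the setting module includes:
a list downloading unit, configured to download the blacklist and/or the whitelist from the cloud server according to a predetermined time rule, where the blacklist and/or the whitelist are lists that have been updated in the cloud server.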
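In a third aspect, an auxiliary service management apparatus is provided, including:
a processor;
a memory for storing instructions executable by the processor;
where the processor is configured to:
when the application requirement for the permission provided by the auxiliary service is met, display an authorization management interface of the auxiliary service, where the authorization management interface includes an identifier of a target application, and the target application is an application obtained after filtering by a blacklist and/or a whitelist corresponding to the auxiliary service;
where the authorization management interface is a user interface for the user to grant the target application the permission provided by the auxiliary service.
The beneficial effects of the technical solutions provided by the embodiments of the present invention are:
Applications are filtered using the blacklist and/or the whitelist corresponding to the auxiliary service to obtain the target application, and the target application is displayed in the authorization management interface. This solves the problem that a malicious application, after applying to the Android system for the auxiliary service permission, uses the simulated click function to perform malicious operations without the user's knowledge. Applications can be filtered, and the authorization management interface displays the identifiers of the filtered non-malicious applications and shields the identifiers of malicious applications, which prevents the user from granting the permission provided by the auxiliary service to a malicious application and thereby improves the security of the operating system.
To describe the technical solutions in the embodiments of the present invention more clearly, the accompanying drawings needed for describing the embodiments are briefly introduced below. Obviously, the drawings described below are only some embodiments of the present invention, and a person of ordinary skill in the art can derive other drawings from them without creative effort.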
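FIG. 1 is a schematic diagram of an accessibility function interface involved in an embodiment of the present invention;
FIG. 2A is a flowchart of an auxiliary service management method provided by an embodiment of the present invention;
FIG. 2B is a schematic diagram of an auxiliary service management interface provided by an embodiment of the present invention;
FIG. 3A is a flowchart of an auxiliary service management method provided by another embodiment of the present invention;
FIG. 3B is a schematic diagram of an auxiliary service management interface provided by another embodiment of the present invention;
FIG. 3C is a schematic diagram of an auxiliary service management interface provided by another embodiment of the present invention;
FIG. 4A is a flowchart of an auxiliary service management method provided by another embodiment of the present invention;
FIG. 4B is a schematic diagram of an auxiliary service management interface provided by another embodiment of the present invention;
FIG. 5A is a flowchart of an auxiliary service management method provided by another embodiment of the present invention;
FIG. 5B is a schematic diagram of an auxiliary service management interface provided by another embodiment of the present invention;
FIG. 5C is a schematic diagram of an auxiliary service management interface provided by another embodiment of the present invention;
FIG. 6A is a flowchart of an auxiliary service management method provided by another embodiment of the present invention;
FIG. 6B is a schematic diagram of an auxiliary service management interface provided by another embodiment of the present invention;
FIG. 7 is a structural block diagram of an auxiliary service management apparatus provided by an embodiment of the present invention;
FIG. 8 is a structural block diagram of an auxiliary service management apparatus provided by another embodiment of the present invention;
FIG. 9 is a schematic structural diagram of a terminal provided by an embodiment of the present invention.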
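To make the objectives, technical solutions and advantages of the present invention clearer, the embodiments of the present invention are described in further detail below with reference to the accompanying drawings.
Each embodiment of the present invention is described with the auxiliary service management method applied in a terminal. The terminal may be a mobile phone, a tablet computer, an e-book reader, an MP3 (Moving Picture Experts Group Audio Layer III) player, an MP4 (Moving Picture Experts Group Audio Layer IV) player, a wearable device, a laptop computer, a desktop computer, and so on.
Optionally, the terminal runs the Android operating system, referred to as the Android system for short. The Android operating system provides an auxiliary service (accessibility service), also called the auxiliary function, barrier-free service, barrier-free function, or accessibility assistance function. The system settings interface of the Android system usually provides a settings interface for the auxiliary service. This settings interface is the authorization management interface of the auxiliary service.
Optionally, multiple applications can run in the terminal, and an application can apply to the operating system of the terminal for the permission provided by the auxiliary service. Optionally, the auxiliary service provides a permission for implementing a sound prompt function, a permission for implementing a physical feedback function, a permission for implementing a simulated click function, a permission for implementing a text magnification function, and so on. These permissions help people with disabilities, such as blind or deaf-mute people, to use the terminal.
After an application has obtained the auxiliary service permission from the Android system, it can use the various permissions provided by the auxiliary service. Among these is the permission for implementing the simulated click function, which is a function for helping blind people tap the screen. Once an application has the permission for implementing the simulated click function, it can use program instructions to simulate the user's click signals on the user interface, and thereby control the controls displayed on the user interface.
As shown in FIG. 1, the system settings interface of the Android system provides a user interface 100 corresponding to the accessibility function. The user interface 100 displays all applications that can apply for, or have already obtained, the permission of the auxiliary service.
At present, some malicious applications, after applying to the Android system for the auxiliary service permission, use the simulated click function to perform malicious operations without the user's knowledge. The malicious operations include: obtaining permissions that the user has not authorized, uninstalling competing applications, modifying the system settings of the operating system, and so on.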
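Refer to Fig. 2A, which shows a flowchart of an accessibility service management method provided by one embodiment of the present invention. This embodiment is illustrated with the method applied in a terminal. The accessibility service management method may include the following steps:
Step 202: determine whether the requirement for requesting the accessibility service permission is met;
Optionally, the requirement is that the application declares predetermined code in its installation package file, the predetermined code being the code used to request the permission provided by the accessibility service.
Step 204: when the requirement for requesting the accessibility service permission is met, display the authorization management interface of the accessibility service, the authorization management interface including the identifier of a target application, the target application being an application obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service;
The authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
Optionally, the identifier of the target application is the package name of the target application.
As shown in Fig. 2B, the user taps the "Accessibility service management" option in the "More settings" interface 200 to enter the accessibility service management interface 210. When the requirement for requesting the permission provided by the accessibility service is met, the accessibility service management interface 210 displays application identifier 001, application identifier 002, application identifier 003 and application identifier 004. These four identifiers belong to applications obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service.
In summary, in the accessibility service management method provided by this embodiment, applications are filtered using the blacklist and/or whitelist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications can thus be filtered: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.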
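Refer to Fig. 3A, which shows a flowchart of an accessibility service management method provided by another embodiment of the present invention. This embodiment is illustrated with the method applied in a terminal. The accessibility service management method may include the following steps:
Step 301: the terminal receives a trigger signal;
Optionally, the trigger signal is a signal for displaying the authorization management interface of the accessibility service.
Step 302: the terminal obtains the blacklist corresponding to the accessibility service;
Optionally, the terminal stores the blacklist in advance, and the blacklist stores the identifiers of malicious applications. A malicious application is a program that uses the permission provided by the accessibility service to perform malicious operations.
The identifier of an application uniquely identifies that application. Optionally, the identifier of an application is its package name.
Step 303: the terminal obtains a first application list, the first application list including the identifier of at least one first application, a first application being an application that requests the permission provided by the accessibility service.
The accessibility service is a service that the Android system provides for people with disabilities.
A first application in the first application list declares predetermined code in its installation package file, the predetermined code being the code used to request the permission provided by the accessibility service. Optionally, the Android system obtains the first application list by calling the function AccessibilityManager.getInstalledAccessibilityServiceList().
A first application in the first application list is usually an application that has not yet obtained the permission provided by the accessibility service, but it may also be an application that has already been granted that permission (for example, one authorized under an older version of the operating system).
As shown in Fig. 3B, the first application list L01 includes first application identifiers A, B, C, D, E and F.
Step 304: the terminal checks whether the identifier of a first application belongs to the blacklist.
The blacklist includes the identifiers of malicious applications.
As shown in Fig. 3B, the blacklist includes the identifiers of the malicious applications: first application identifier B and first application identifier E.
Optionally, the blacklist is stored in the terminal in advance, or the terminal downloads the blacklist from a server. Optionally, the blacklist is updated at a preset time interval.
Optionally, the terminal traverses the identifiers of the first applications in the first application list and checks whether each identifier belongs to the blacklist.
Step 305: if the identifier of a first application does not belong to the blacklist, the terminal determines that identifier to be the identifier of a target application.
A target application is an application obtained after filtering by the blacklist corresponding to the accessibility service. A target application is a non-malicious application.
As shown in Fig. 3B, the terminal finds by traversal that first application identifiers A, C, D and F do not belong to the blacklist, and determines first application identifiers A, C, D and F to be the identifiers of the target applications.
Step 306: the terminal displays the authorization management interface of the accessibility service, the authorization management interface including the identifiers of the target applications;
A target application is an application obtained after filtering by the blacklist corresponding to the accessibility service. The authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
Optionally, the terminal hides and does not display the identifiers of first applications that belong to the blacklist.
As shown in Fig. 3B, the terminal displays the authorization management interface 300 of the accessibility service, which includes first application identifiers A, C, D and F. The terminal hides and does not display first application identifiers B and E.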
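After the terminal displays the authorization management interface, the user can follow the guidance of the interface to perform the following steps:
Step 307: the terminal receives, through the authorization management interface, the user's authorization instruction for a target application.
The user taps the management button provided in the authorization management interface to trigger the authorization instruction, and the terminal receives the user's authorization instruction for the target application.
As shown in Fig. 3C, the user taps first application identifier A in the authorization management interface 300 to enter the interface 003 corresponding to first application identifier A. Interface 003 provides an authorization management button a; when the user taps button a, the terminal is triggered to authorize first application identifier A. Authorization here means granting the first application the permission provided by the accessibility service.
Optionally, the authorization instruction is used to enable the permission or to cancel the permission.
Step 308: the terminal grants the target application the permission provided by the accessibility service according to the authorization instruction.
For example, the terminal grants a game application the permission "automatically install new versions from now on". From then on, the game application can use the simulated click function to install new versions automatically.
Note that the blacklist is a list stored in advance inside the terminal, or a list that is collected and continuously updated on the cloud server.
Step 309: the terminal downloads the blacklist from the cloud server according to a predetermined time rule, the blacklist being a list that has been updated on the cloud server.
Optionally, the predetermined time rule includes a fixed time interval and/or a non-fixed time interval.
The terminal uses the blacklist downloaded from the cloud server to update its existing blacklist.
In summary, in the accessibility service management method provided by this embodiment, during the process of requesting the permission provided by the accessibility service, applications are filtered using the blacklist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications can thus be filtered: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.
In addition, updating the blacklist through the cloud server improves the accuracy with which malicious applications are hidden.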
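Refer to Fig. 4A, which shows a flowchart of an accessibility service management method provided by another embodiment of the present invention. This embodiment is illustrated with the method applied in a terminal. The accessibility service management method may include the following steps:
Step 401: the terminal receives a trigger signal;
Optionally, the trigger signal is a signal for displaying the authorization management interface of the accessibility service.
Step 402: the terminal obtains the whitelist corresponding to the accessibility service;
Optionally, the terminal stores the whitelist in advance, and the whitelist stores the identifiers of non-malicious applications. A non-malicious application is a program that uses the permission provided by the accessibility service to perform normal operations.
The identifier of an application uniquely identifies that application. Optionally, the identifier of an application is its package name.
Step 403: the terminal obtains a first application list, the first application list including the identifier of at least one first application, a first application being an application that requests the permission provided by the accessibility service.
The accessibility service is a service that the Android system provides for people with disabilities.
A first application in the first application list declares predetermined code in its installation package file, the predetermined code being the code used to request the permission provided by the accessibility service. Optionally, the Android system obtains the first application list by calling the function AccessibilityManager.getInstalledAccessibilityServiceList().
A first application in the first application list is usually an application that has not yet obtained the permission provided by the accessibility service, but it may also be an application that has already been granted that permission (for example, one authorized under an older version of the operating system).
As shown in Fig. 4B, the first application list L02 includes first application identifiers X, Y, Z, O, P and Q.
Step 404: the terminal checks whether the identifier of a first application belongs to the whitelist.
The whitelist includes the identifiers of non-malicious applications.
As shown in Fig. 4B, the whitelist includes the identifiers of the non-malicious applications: first application identifiers X, Y, Z and O.
Optionally, the whitelist is stored in the terminal in advance, or the terminal downloads the whitelist from a server. Optionally, the whitelist is updated at a preset time interval.
Optionally, the terminal traverses the identifiers of the first applications in the first application list and checks whether each identifier belongs to the whitelist.
Step 405: if the identifier of a first application belongs to the whitelist, the terminal determines that identifier to be the identifier of a target application.
A target application is an application obtained after filtering by the whitelist corresponding to the accessibility service.
As shown in Fig. 4B, the terminal finds by traversal that first application identifiers X, Y, Z and O belong to the whitelist, and determines first application identifiers X, Y, Z and O to be the identifiers of the target applications.
Step 406: the terminal displays the authorization management interface of the accessibility service, the authorization management interface including the identifiers of the target applications;
A target application is an application obtained after filtering by the whitelist corresponding to the accessibility service. The authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
Optionally, the terminal hides and does not display the identifiers of first applications that do not belong to the whitelist.
As shown in Fig. 4B, the terminal displays the authorization management interface 400 of the accessibility service, which includes first application identifiers X, Y, Z and O. The terminal hides and does not display first application identifiers P and Q.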
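After the terminal displays the authorization management interface, the user can follow the guidance of the interface to perform the following steps:
Step 407: the terminal receives, through the authorization management interface, the user's authorization instruction for a target application.
The user taps the management button provided in the authorization management interface to trigger the authorization instruction, and the terminal receives the user's authorization instruction for the target application. Authorization here means granting the first application the permission provided by the accessibility service.
Step 408: the terminal grants the target application the permission provided by the accessibility service according to the authorization instruction.
For example, the terminal grants a game application the permission "automatically install new versions from now on". From then on, the game application can use the simulated click function to install new versions automatically.
Note that the whitelist is a list stored in advance inside the terminal, or a list that is collected and continuously updated on the cloud server.
Step 409: the terminal downloads the whitelist from the cloud server according to a predetermined time rule, the whitelist being a list that has been updated on the cloud server.
Optionally, the predetermined time rule includes a fixed time interval and/or a non-fixed time interval.
The terminal uses the whitelist downloaded from the cloud server to update its existing whitelist.
In summary, in the accessibility service management method provided by this embodiment, during the process of requesting the permission provided by the accessibility service, applications are filtered using the whitelist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications can thus be filtered: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.
In addition, updating the whitelist through the cloud server improves the accuracy with which malicious applications are hidden.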
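The filtering of the first application list in the Fig. 3A (blacklist) and Fig. 4A (whitelist) embodiments can be modelled as follows. This is an added example, not code from the patent or from Android. Its assumptions: list entries may arrive as "package/class" service strings that are reduced to package names, and when both lists are in use a blacklist hit overrides a whitelist entry (the page says "and/or" without fixing the precedence). `ListPolicy`, `package_of` and `filter_for_display` are hypothetical names.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, List, Optional, Tuple


def package_of(service_id: str) -> str:
    """Package name of a 'package/class' entry; a bare package name passes through."""
    return service_id.split("/", 1)[0].strip()


@dataclass(frozen=True)
class ListPolicy:
    # None means the list is not in use. An empty whitelist IS in use and
    # admits nothing, so a wiped or failed list never widens what is shown.
    blacklist: Optional[FrozenSet[str]] = None
    whitelist: Optional[FrozenSet[str]] = None

    def allows(self, package: str) -> bool:
        # Identifiers are compared exactly, with no case folding.
        if self.blacklist is not None and package in self.blacklist:
            return False  # steps 304/305: a blacklisted app is not a target app
        if self.whitelist is not None:
            return package in self.whitelist  # steps 404/405
        return True


def filter_for_display(first_app_list: Iterable[str],
                       policy: ListPolicy) -> Tuple[List[str], List[str]]:
    """Traverse the first application list and return (shown, hidden) identifiers."""
    shown: List[str] = []
    hidden: List[str] = []
    seen = set()
    for entry in first_app_list:
        pkg = package_of(entry)
        if not pkg or pkg in seen:  # one row per app, even with several services
            continue
        seen.add(pkg)
        (shown if policy.allows(pkg) else hidden).append(pkg)
    return shown, hidden


# Identifiers taken from Fig. 3B and Fig. 4B as described on the page.
FIG_3B_LIST = ["A", "B", "C", "D", "E", "F"]
FIG_3B_BLACKLIST = frozenset({"B", "E"})
FIG_4B_LIST = ["X", "Y", "Z", "O", "P", "Q"]
FIG_4B_WHITELIST = frozenset({"X", "Y", "Z", "O"})

# Constructed sample entries in "package/class" form (not from the page).
CONSTRUCTED_ENTRIES = [
    "com.example.reader/.SpeakService",
    "com.example.reader/.MagnifyService",
    "com.example.game/.ClickService",
]

if __name__ == "__main__":
    print(filter_for_display(FIG_3B_LIST, ListPolicy(blacklist=FIG_3B_BLACKLIST)))
    print(filter_for_display(FIG_4B_LIST, ListPolicy(whitelist=FIG_4B_WHITELIST)))
    print(filter_for_display(CONSTRUCTED_ENTRIES,
                             ListPolicy(blacklist=frozenset({"com.example.game"}))))
```

Because the identifier is only a package name, the lists decide which names are displayed; they carry no information about who signed or built the package.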
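Refer to Fig. 5A, which shows a flowchart of an accessibility service management method provided by another embodiment of the present invention. This embodiment is illustrated with the method applied in a terminal. The accessibility service management method may include the following steps:
Step 501: after an OTA upgrade, the terminal obtains the blacklist corresponding to the accessibility service.
After an OTA (Over-the-Air Technology) upgrade, the terminal obtains the blacklist corresponding to the accessibility service from the OTA upgrade package.
The blacklist stores the identifiers of malicious applications. A malicious application is a program that uses the permission provided by the accessibility service to perform malicious operations.
The identifier of an application uniquely identifies that application. Optionally, the identifier of an application is its package name.
Step 502: the terminal obtains a second application list, the second application list including the identifier of at least one second application, a second application being an application that has already been granted the permission provided by the accessibility service.
The accessibility service is a service that the Android system provides for people with disabilities.
A second application in the second application list is usually an application that has already been granted the permission provided by the accessibility service (for example, one authorized under an older version of the operating system).
An example is a second application V that has already been granted the permission "automatically install new versions from now on".
As shown in Fig. 5B, the second application list L03 includes second application identifiers K, J, H and G.
Step 503: the terminal checks whether the identifier of a second application belongs to the blacklist.
The blacklist includes the identifiers of malicious applications. As shown in Fig. 5B, the blacklist includes the identifier of the malicious application: second application identifier G.
Optionally, the blacklist is stored in the terminal in advance, or the terminal downloads the blacklist from a server. Optionally, the blacklist is updated at a preset time interval.
Optionally, the terminal traverses the identifiers of the second applications in the second application list and checks whether each identifier belongs to the blacklist.
Step 504: if the identifier of a second application belongs to the blacklist, the terminal revokes the permission already granted to that second application through the authorization management process.
Revoking the permission already granted to a second application means that the second application no longer holds that permission. For example, second application G holds the permission "automatically install new versions from now on"; after the granted permission is revoked, second application G no longer holds it.
If the identifier of a second application does not belong to the blacklist, the terminal keeps the authorization of that second application.
As shown in Fig. 5B, the terminal finds by traversal that second application identifier G belongs to the blacklist and revokes the permission granted to second application G. The terminal keeps the authorization of second applications K, J and H. The terminal displays the authorization management interface 500 of the accessibility service, which includes second application identifiers K, J and H. The terminal hides and does not display second application identifier G.
As a further example, shown in Fig. 5C, the original authorization management interface 005 includes second application identifiers K, J, H and G; after the permission of second application G is revoked, the authorization management interface 500 includes second application identifiers K, J and H.
This embodiment can be implemented in combination with the embodiments shown in Fig. 2A, Fig. 3A and Fig. 4A above.
In summary, in the accessibility service management method provided by this embodiment, applications that have already been granted the permission provided by the accessibility service are filtered using the blacklist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications that already hold the permission can thus be filtered and the permissions of applications on the blacklist revoked: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.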
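Refer to Fig. 6A, which shows a flowchart of an accessibility service management method provided by another embodiment of the present invention. This embodiment is illustrated with the method applied in a terminal. The accessibility service management method may include the following steps:
Step 601: after an OTA upgrade, the terminal obtains the whitelist corresponding to the accessibility service.
After an OTA (Over-the-Air Technology) upgrade, the terminal obtains the whitelist corresponding to the accessibility service from the OTA upgrade package.
The whitelist stores the identifiers of non-malicious applications. A non-malicious application is a program that uses the permission provided by the accessibility service to perform normal operations.
The identifier of an application uniquely identifies that application. Optionally, the identifier of an application is its package name.
Step 602: the terminal obtains a second application list, the second application list including the identifier of at least one second application, a second application being an application that has already been granted the permission provided by the accessibility service.
The accessibility service is a service that the Android system provides for people with disabilities.
A second application in the second application list is usually an application that has already been granted the permission provided by the accessibility service (for example, one authorized under an older version of the operating system).
As shown in Fig. 6B, the second application list L04 includes second application identifiers W, I, U, T and R.
Step 603: the terminal checks whether the identifier of a second application belongs to the whitelist.
The whitelist includes the identifiers of non-malicious applications. As shown in Fig. 6B, the whitelist includes the identifiers of the non-malicious applications: second application identifiers U, T and R.
Optionally, the whitelist is stored in the terminal in advance, or the terminal downloads the whitelist from a server. Optionally, the whitelist is updated at a preset time interval.
Step 604: if the identifier of a second application does not belong to the whitelist, the terminal revokes the permission already granted to that second application through the authorization management process.
A target application is an application obtained after filtering by the whitelist corresponding to the accessibility service.
If the identifier of a second application belongs to the whitelist, the terminal keeps the authorization of that second application.
As shown in Fig. 6B, the terminal finds by traversal that second application identifiers W and I do not belong to the whitelist and revokes the permissions granted to second applications W and I. The terminal keeps the authorization of second applications U, T and R. The terminal displays the authorization management interface 600 of the accessibility service, which includes second application identifiers U, T and R. The terminal hides and does not display second application identifiers W and I.
This embodiment can be implemented in combination with the embodiments shown in Fig. 2A, Fig. 3A and Fig. 4A above.
In summary, in the accessibility service management method provided by this embodiment, applications that have already been granted the permission provided by the accessibility service are filtered using the whitelist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications that already hold the permission can thus be filtered and the permissions of applications not on the whitelist revoked: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.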
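The post-OTA revocation pass of the Fig. 5A (blacklist) and Fig. 6A (whitelist) embodiments, as an added example that is not code from the patent. `GrantStore` is a constructed stand-in for the terminal's record of granted accessibility permissions and for the "authorization management process" that revokes them; the permission string is the page's own example, and the identifiers are those of Fig. 5B and Fig. 6B.

```python
from typing import Dict, FrozenSet, List, Optional, Set, Tuple

AUTO_INSTALL = "automatically install new versions from now on"


class GrantStore:
    """Constructed stand-in for the terminal's persisted accessibility grants."""

    def __init__(self, grants: Dict[str, Set[str]]):
        self._grants = {pkg: set(perms) for pkg, perms in grants.items()}

    def granted_packages(self) -> List[str]:
        # This is the "second application list": apps that already hold a grant.
        return list(self._grants)

    def revoke_all(self, pkg: str) -> Set[str]:
        # After this call the app no longer holds any of the permissions.
        return self._grants.pop(pkg, set())


def should_revoke(pkg: str,
                  blacklist: Optional[FrozenSet[str]],
                  whitelist: Optional[FrozenSet[str]]) -> bool:
    if blacklist is not None and pkg in blacklist:
        return True   # steps 503/504: on the blacklist
    if whitelist is not None and pkg not in whitelist:
        return True   # steps 603/604: missing from the whitelist
    return False


def reconcile_after_ota(store: GrantStore,
                        blacklist: Optional[FrozenSet[str]] = None,
                        whitelist: Optional[FrozenSet[str]] = None
                        ) -> Tuple[List[str], Dict[str, Set[str]]]:
    """Revoke grants that the lists no longer permit.

    Returns (identifiers still shown in the interface, revoked permissions per app).
    The second value doubles as an audit record of what the upgrade removed.
    """
    revoked: Dict[str, Set[str]] = {}
    for pkg in store.granted_packages():
        if should_revoke(pkg, blacklist, whitelist):
            revoked[pkg] = store.revoke_all(pkg)
    return store.granted_packages(), revoked


def fig_5b_store() -> GrantStore:
    return GrantStore({p: {AUTO_INSTALL} for p in ["K", "J", "H", "G"]})


def fig_6b_store() -> GrantStore:
    return GrantStore({p: {AUTO_INSTALL} for p in ["W", "I", "U", "T", "R"]})


if __name__ == "__main__":
    print(reconcile_after_ota(fig_5b_store(), blacklist=frozenset({"G"})))
    print(reconcile_after_ota(fig_6b_store(), whitelist=frozenset({"U", "T", "R"})))
```

Running the pass a second time against the same lists revokes nothing, so it can be repeated whenever a list is refreshed.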
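The following are apparatus embodiments of the present invention, which can be used to carry out the method embodiments of the present invention. For details not disclosed in the apparatus embodiments, refer to the method embodiments.
Refer to Fig. 7, which shows a structural block diagram of an accessibility service management apparatus provided by one embodiment of the present invention. The apparatus can be implemented as part or all of a terminal through software, hardware or a combination of the two. The accessibility service management apparatus may include:
a requirement determination module 720, configured to determine whether the requirement for requesting the accessibility service permission is met;
an interface display module 740, configured to display the authorization management interface of the accessibility service when the requirement for requesting the permission provided by the accessibility service is met, the authorization management interface including the identifier of a target application, the target application being an application obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service;
wherein the authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
In summary, in the accessibility service management apparatus provided by this embodiment, applications are filtered using the blacklist and/or whitelist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications can thus be filtered: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.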
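Refer to Fig. 8, which shows a structural block diagram of an accessibility service management apparatus provided by another embodiment of the present invention. The apparatus can be implemented as part or all of a terminal through software, hardware or a combination of the two. The accessibility service management apparatus may include:
an interface display module 820, configured to display the authorization management interface of the accessibility service when the requirement for requesting the permission provided by the accessibility service is met, the authorization management interface including the identifier of a target application, the target application being an application obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service;
wherein the authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
In one embodiment,
the apparatus further includes:
a first obtaining module 830, configured to obtain a first application list, the first application list including the identifier of at least one first application, a first application being an application that requests the permission provided by the accessibility service;
a first filtering module 840, configured to filter the identifiers of the first applications according to the blacklist and/or whitelist to obtain the identifiers of the target applications.
In one embodiment,
the first filtering module 840 includes:
a first detection unit 841, configured to check whether the identifier of a first application belongs to the blacklist;
a first determination unit 842, configured to determine the identifier of the first application to be the identifier of a target application if the identifier of the first application does not belong to the blacklist.
In one embodiment,
the first filtering module 840 includes:
a second detection unit 843, configured to check whether the identifier of a first application belongs to the whitelist;
a second determination unit 844, configured to determine the identifier of the first application to be the identifier of a target application if the identifier of the first application belongs to the whitelist.
In one embodiment,
the apparatus further includes:
an instruction receiving module 850, configured to receive, through the authorization management interface, the user's authorization instruction for a target application;
a permission granting module 860, configured to grant the target application the permission provided by the accessibility service according to the authorization instruction.
In one embodiment,
the apparatus further includes:
a second obtaining module 870, configured to obtain a second application list, the second application list including the identifier of at least one second application, a second application being an application that has already been granted the permission provided by the accessibility service;
a permission revocation module 880, configured to revoke the permission already granted to a second application according to the blacklist and/or whitelist.
In one embodiment,
the permission revocation module 880 includes:
a third detection unit 881, configured to check whether the identifier of a second application belongs to the blacklist;
a first revocation unit 882, configured to revoke the permission already granted to the second application through the authorization management process if the identifier of the second application belongs to the blacklist.
In one embodiment,
the permission revocation module 880 includes:
a fourth detection unit 883, configured to check whether the identifier of a second application belongs to the whitelist;
a second revocation unit 884, configured to revoke the permission already granted to the second application through the authorization management process if the identifier of the second application does not belong to the whitelist.
In one embodiment,
the apparatus further includes:
a setting module 890, configured to set, through the cloud server, the target applications included in the authorization management interface.
In one embodiment,
the setting module 890 includes:
a list download unit 891, configured to download the blacklist and/or whitelist from the cloud server according to a predetermined time rule, the blacklist and/or whitelist being a list that has been updated on the cloud server.
In summary, in the accessibility service management apparatus provided by this embodiment, applications are filtered using the blacklist and/or whitelist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. This solves the problem that a malicious application, after obtaining the accessibility service permission from the Android system, uses the simulated click function to perform malicious operations without the user's knowledge. Applications can thus be filtered: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which prevents the user from granting the permission provided by the accessibility service to a malicious application and thereby improves the security of the operating system.
Furthermore, applications that have already been granted the permission provided by the accessibility service are filtered using the blacklist and/or whitelist corresponding to the accessibility service to obtain the target applications, and the target applications are displayed in the authorization management interface. Applications that already hold the permission can thus be filtered and the permissions of applications that are on the blacklist and/or not on the whitelist revoked: the authorization management interface displays the identifiers of the filtered, non-malicious applications and hides the identifiers of malicious applications, which improves the security of the operating system.
In addition, updating the blacklist and/or whitelist through the cloud server improves the accuracy with which malicious applications are hidden.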
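Fig. 9 shows a block diagram of a terminal 900 provided by one embodiment of the present invention. The terminal may include a radio frequency (RF) circuit 901, a memory 902 including one or more computer-readable storage media, an input unit 903, a display unit 904, a sensor 905, an audio circuit 906, a wireless fidelity (WiFi) module 907, a processor 908 including one or more processing cores, a power supply 909, and other components. A person skilled in the art will understand that the terminal structure shown in Fig. 9 does not limit the terminal, which may include more or fewer components than shown, combine certain components, or arrange the components differently. Specifically:
The RF circuit 901 can be used to receive and send signals while sending and receiving information or during a call. In particular, it receives downlink information from a base station and hands it to one or more processors 908 for processing, and it sends uplink data to the base station. The RF circuit 901 typically includes, but is not limited to, an antenna, at least one amplifier, a tuner, one or more oscillators, a subscriber identity module (SIM) card, a transceiver, a coupler, a low noise amplifier (LNA), a duplexer, and so on. The RF circuit 901 can also communicate with networks and other devices through wireless communication. The wireless communication may use any communication standard or protocol, including but not limited to Global System of Mobile communication (GSM), General Packet Radio Service (GPRS), Code Division Multiple Access (CDMA), Wideband Code Division Multiple Access (WCDMA), Long Term Evolution (LTE), e-mail, Short Messaging Service (SMS), and so on.
The memory 902 can be used to store software programs and modules. The processor 908 performs various functional applications and data processing by running the software programs and modules stored in the memory 902. The memory 902 may mainly include a program storage area and a data storage area: the program storage area may store the operating system and the applications required by at least one function (such as a sound playback function or an image playback function), and the data storage area may store data created through use of the terminal (such as audio data or a phone book). In addition, the memory 902 may include high-speed random access memory and may also include non-volatile memory, for example at least one magnetic disk storage device, a flash memory device, or another volatile solid-state storage device. Accordingly, the memory 902 may also include a memory controller to provide the processor 908 and the input unit 903 with access to the memory 902.
The input unit 903 can be used to receive input digit or character information and to generate keyboard, mouse, joystick, optical or trackball signal input related to user settings and function control. In one specific embodiment, the input unit 903 may include a touch-sensitive surface and other input devices. The touch-sensitive surface, also called a touch display screen or touchpad, can collect the user's touch operations on or near it (such as operations performed on or near the touch-sensitive surface with a finger, a stylus or any other suitable object or accessory) and drive the corresponding connected apparatus according to a preset program. Optionally, the touch-sensitive surface may include two parts, a touch detection apparatus and a touch controller. The touch detection apparatus detects the position of the user's touch and the signal produced by the touch operation, and passes the signal to the touch controller; the touch controller receives the touch information from the touch detection apparatus, converts it into contact coordinates and sends them to the processor 908, and it can receive and execute commands sent by the processor 908. The touch-sensitive surface can be implemented in several types, such as resistive, capacitive, infrared and surface acoustic wave. Besides the touch-sensitive surface, the input unit 903 may include other input devices, which may include, but are not limited to, one or more of a physical keyboard, function keys (such as volume control keys and a power key), a trackball, a mouse, a joystick, and so on.
The display unit 904 can be used to display information entered by the user or provided to the user, as well as the various graphical user interfaces of the terminal, which may be composed of graphics, text, icons, video and any combination of these. For example, the display unit 904 is used to display the authorization management interface of the accessibility service, the authorization management interface including the identifiers of the target applications. The display unit 904 may include a display panel, which may optionally be configured as a liquid crystal display (LCD), an organic light-emitting diode (OLED) display, or the like. Further, the touch-sensitive surface may cover the display panel; when the touch-sensitive surface detects a touch operation on or near it, it passes the operation to the processor 908 to determine the type of touch event, and the processor 908 then provides the corresponding visual output on the display panel according to the type of touch event. Although in Fig. 9 the touch-sensitive surface and the display panel implement the input and output functions as two independent components, in some embodiments the touch-sensitive surface and the display panel may be integrated to implement the input and output functions.
The terminal may also include at least one sensor 905, such as a light sensor, a motion sensor and other sensors. Specifically, the light sensor may include an ambient light sensor and a proximity sensor: the ambient light sensor can adjust the brightness of the display panel according to the ambient light, and the proximity sensor can turn off the display panel and/or the backlight when the terminal is moved to the ear. As one kind of motion sensor, a gravity acceleration sensor can detect the magnitude of acceleration in each direction (generally three axes) and, when stationary, the magnitude and direction of gravity; it can be used in applications that recognize the phone's attitude (such as switching between landscape and portrait, related games, and magnetometer attitude calibration) and in vibration-recognition functions (such as a pedometer or tap detection). Other sensors with which the terminal may be equipped, such as a gyroscope, barometer, hygrometer, thermometer and infrared sensor, are not described further here.
The audio circuit 906, a loudspeaker and a microphone can provide an audio interface between the user and the terminal. The audio circuit 906 can convert received audio data into an electrical signal and transmit it to the loudspeaker, which converts it into a sound signal for output. Conversely, the microphone converts a collected sound signal into an electrical signal, which the audio circuit 906 receives and converts into audio data; the audio data is then output to the processor 908 for processing and sent through the RF circuit 901 to, for example, another terminal, or output to the memory 902 for further processing. The audio circuit 906 may also include an earphone jack to provide communication between a peripheral headset and the terminal.
WiFi is a short-range wireless transmission technology. Through the WiFi module 907 the terminal can help the user send and receive e-mail, browse web pages and access streaming media, providing the user with wireless broadband Internet access. Although Fig. 9 shows the WiFi module 907, it is understood that the module is not an essential part of the terminal and can be omitted as needed without changing the essence of the invention.
The processor 908 is the control center of the terminal. It connects the parts of the whole phone through various interfaces and lines and, by running or executing the software programs and/or modules stored in the memory 902 and calling the data stored in the memory 902, performs the various functions of the terminal and processes data, thereby monitoring the phone as a whole. Optionally, the processor 908 may include one or more processing cores. Preferably, the processor 908 may integrate an application processor and a modem processor, where the application processor mainly handles the operating system, user interface and applications, and the modem processor mainly handles wireless communication. It is understood that the modem processor may also not be integrated into the processor 908.
The terminal also includes a power supply 909 (such as a battery) that powers the components. Preferably, the power supply is logically connected to the processor 908 through a power management system, so that charging, discharging and power consumption management are handled through the power management system. The power supply 909 may also include any components such as one or more DC or AC power sources, a recharging system, a power failure detection circuit, a power converter or inverter, and a power status indicator.
Although not shown, the terminal may also include a Bluetooth module and the like, which are not described further here. Specifically, in this embodiment the processor 908 in the terminal runs one or more program instructions stored in the memory 902 to implement the accessibility service management method provided in the method embodiments above.
A person of ordinary skill in the art will understand that all or some of the steps of the methods in the above embodiments can be completed by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, which may include read-only memory (ROM), random access memory (RAM), a magnetic disk, an optical disc, and so on.
A person of ordinary skill in the art will understand that all or some of the steps of the above embodiments can be completed by hardware, or by a program instructing the relevant hardware. The program can be stored in a computer-readable storage medium, and the storage medium mentioned above may be a read-only memory, a magnetic disk, an optical disc, or the like.
The above are merely preferred embodiments of the present invention and are not intended to limit it. Any modification, equivalent replacement or improvement made within the spirit and principles of the present invention shall fall within the scope of protection of the present invention.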
Claims (21)
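- An accessibility service management method, characterized in that the method includes: displaying an authorization management interface of the accessibility service when the requirement for requesting a permission provided by the accessibility service is met, the authorization management interface including an identifier of a target application, the target application being an application obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service; wherein the authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
- The method according to claim 1, characterized in that the method further includes: obtaining a first application list, the first application list including the identifier of at least one first application, the first application being an application that requests the permission provided by the accessibility service; and filtering the identifier of the first application according to the blacklist and/or the whitelist to obtain the identifier of the target application.
- The method according to claim 2, characterized in that filtering the identifier of the first application according to the blacklist to obtain the identifier of the target application includes: checking whether the identifier of the first application belongs to the blacklist; and, if the identifier of the first application does not belong to the blacklist, determining the identifier of the first application to be the identifier of the target application.
- The method according to claim 2, characterized in that filtering the identifier of the first application according to the whitelist to obtain the identifier of the target application includes: checking whether the identifier of the first application belongs to the whitelist; and, if the identifier of the first application belongs to the whitelist, determining the identifier of the first application to be the identifier of the target application.
- The method according to any one of claims 1 to 4, characterized in that the method further includes: receiving, through the authorization management interface, the user's authorization instruction for the target application; and granting the target application the permission provided by the accessibility service according to the authorization instruction.
- The method according to any one of claims 1 to 4, characterized in that the method further includes: obtaining a second application list, the second application list including the identifier of at least one second application, the second application being an application that has already been granted the permission provided by the accessibility service; and revoking the permission already granted to the second application according to the blacklist and/or the whitelist.
- The method according to claim 6, characterized in that revoking the permission already granted to the second application according to the blacklist includes: checking whether the identifier of the second application belongs to the blacklist; and, if the identifier of the second application belongs to the blacklist, revoking the permission already granted to the second application through the authorization management process.
- The method according to claim 6, characterized in that revoking the permission already granted to the second application according to the whitelist includes: checking whether the identifier of the second application belongs to the whitelist; and, if the identifier of the second application does not belong to the whitelist, revoking the permission already granted to the second application through the authorization management process.
- The method according to any one of claims 1 to 8, characterized in that the method further includes: setting, through a cloud server, the target application included in the authorization management interface.
- The method according to claim 9, characterized in that setting, through the cloud server, the target application included in the authorization management interface includes: downloading the blacklist and/or the whitelist from the cloud server according to a predetermined time rule, the blacklist and/or the whitelist being a list that has been updated on the cloud server.
- An accessibility service management apparatus, characterized in that the apparatus includes: an interface display module, configured to display an authorization management interface of the accessibility service when the requirement for requesting a permission provided by the accessibility service is met, the authorization management interface including an identifier of a target application, the target application being an application obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service; wherein the authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.
- The apparatus according to claim 11, characterized in that the apparatus further includes: a first obtaining module, configured to obtain a first application list, the first application list including the identifier of at least one first application, the first application being an application that requests the permission provided by the accessibility service; and a first filtering module, configured to filter the identifier of the first application according to the blacklist and/or the whitelist to obtain the identifier of the target application.
- The apparatus according to claim 12, characterized in that the first filtering module includes: a first detection unit, configured to check whether the identifier of the first application belongs to the blacklist; and a first determination unit, configured to determine the identifier of the first application to be the identifier of the target application if the identifier of the first application does not belong to the blacklist.
- The apparatus according to claim 12, characterized in that the first filtering module includes: a second detection unit, configured to check whether the identifier of the first application belongs to the whitelist; and a second determination unit, configured to determine the identifier of the first application to be the identifier of the target application if the identifier of the first application belongs to the whitelist.
- The apparatus according to any one of claims 11 to 14, characterized in that the apparatus further includes: an instruction receiving module, configured to receive, through the authorization management interface, the user's authorization instruction for the target application; and a permission granting module, configured to grant the target application the permission provided by the accessibility service according to the authorization instruction.
- The apparatus according to any one of claims 11 to 14, characterized in that the apparatus further includes: a second obtaining module, configured to obtain a second application list, the second application list including the identifier of at least one second application, the second application being an application that has already been granted the permission provided by the accessibility service; and a permission revocation module, configured to revoke the permission already granted to the second application according to the blacklist and/or the whitelist.
- The apparatus according to claim 16, characterized in that the permission revocation module includes: a third detection unit, configured to check whether the identifier of the second application belongs to the blacklist; and a first revocation unit, configured to revoke the permission already granted to the second application through the authorization management process if the identifier of the second application belongs to the blacklist.
- The apparatus according to claim 16, characterized in that the permission revocation module includes: a fourth detection unit, configured to check whether the identifier of the second application belongs to the whitelist; and a second revocation unit, configured to revoke the permission already granted to the second application through the authorization management process if the identifier of the second application does not belong to the whitelist.
- The apparatus according to any one of claims 11 to 18, characterized in that the apparatus further includes: a setting module, configured to set, through a cloud server, the target application included in the authorization management interface.
- The apparatus according to claim 19, characterized in that the setting module includes: a list download unit, configured to download the blacklist and/or the whitelist from the cloud server according to a predetermined time rule, the blacklist and/or the whitelist being a list that has been updated on the cloud server.
- An accessibility service management apparatus, characterized by including: a processor; and a memory for storing instructions executable by the processor; wherein the processor is configured to: display an authorization management interface of the accessibility service when the requirement for requesting a permission provided by the accessibility service is met, the authorization management interface including an identifier of a target application, the target application being an application obtained after filtering by the blacklist and/or whitelist corresponding to the accessibility service; wherein the authorization management interface is a user interface through which the user grants the target application the permission provided by the accessibility service.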
Priority Applications (2)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201680000855.1A CN106462697B (zh) | 2016-09-09 | 2016-09-09 | Accessibility service management method and apparatus |
PCT/CN2016/098590 WO2018045564A1 (zh) | 2016-09-09 | 2016-09-09 | Accessibility service management method and apparatus |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
PCT/CN2016/098590 WO2018045564A1 (zh) | 2016-09-09 | 2016-09-09 | Accessibility service management method and apparatus |
Publications (1)
Publication Number | Publication Date |
---|---|
WO2018045564A1 true WO2018045564A1 (zh) | 2018-03-15 |
Family
ID=58215929
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
PCT/CN2016/098590 WO2018045564A1 (zh) | Accessibility service management method and apparatus | 2016-09-09 | 2016-09-09 |
Country Status (2)
Country | Link |
---|---|
CN (1) | CN106462697B (zh) |
WO (1) | WO2018045564A1 (zh) |
-
2016
- 2016-09-09 WO PCT/CN2016/098590 patent/WO2018045564A1/zh active Application Filing
- 2016-09-09 CN CN201680000855.1A patent/CN106462697B/zh active Active
Also Published As
Publication number | Publication date |
---|---|
CN106462697B (zh) | 2019-11-26 |
CN106462697A (zh) | 2017-02-22 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
121 | Ep: the epo has been informed by wipo that ep was designated in this application |
Ref document number: 16915498 Country of ref document: EP Kind code of ref document: A1 |
|
NENP | Non-entry into the national phase |
Ref country code: DE |
|
122 | Ep: pct application non-entry in european phase |
Ref document number: 16915498 Country of ref document: EP Kind code of ref document: A1 |