WO2022073340A1 - Mobile terminal application security detection method and system, terminal, and storage medium - Google Patents


Publication number
WO2022073340A1
Authority
WO
WIPO (PCT)
Application number
PCT/CN2021/090494
Inventor
陈优优
Original Assignee
平安科技(深圳)有限公司

Classifications

    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/14 Protecting executable software against software analysis or reverse engineering, e.g. by obfuscation
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/602 Providing cryptographic facilities or services
    • H04L63/1416 Event detection, e.g. attack signature detection
    • H04L63/145 Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • H04L67/10 Protocols in which an application is distributed across nodes in the network

Definitions

  • The present application relates to the technical field of application security, and in particular to a mobile terminal application security detection method, system, terminal and storage medium.
  • Android is an open source operating system based on Linux. It is mainly used in mobile terminals such as mobile phones. Currently, there is no unified Chinese name.
  • The Android platform consists of an operating system, middleware, user interface and application software.
  • An Android application refers to the application software under the Android platform.
  • The present application provides a mobile terminal application security detection method, system, terminal and storage medium, so as to solve the problem that existing mobile terminal security protection detection results are not accurate enough.
  • A technical solution adopted in this application is to provide a mobile terminal application security detection method, including: when a target application is started, using a preset condition to determine whether to generate an instruction to detect the target application; if so, extracting first target feature information from the target application, the first target feature information including feature information used to identify and distinguish the target application; obtaining first comparison information from the local so library and, at the same time, obtaining second comparison information from the cloud server, the first comparison information and the second comparison information constituting comparison information; comparing the first target feature information with the comparison information to obtain a first comparison result; and outputting and displaying the first comparison result while feeding it back to the cloud server.
  • Another technical solution adopted in this application is to provide a mobile terminal application security detection method, including: when the target application is started, using a preset condition to determine whether to generate an instruction to detect the target application; if so, extracting second target feature information from the target application, the second target feature information including the fixed name and picture information existing in the target application; sending the second target feature information to the cloud server, and using the cloud server to perform big data comparison and analysis on the second target feature information and obtain a second comparison result; and receiving the second comparison result fed back by the cloud server.
  • A mobile terminal application security detection method, including: receiving a core code program issued by a cloud server; extracting third target feature information from a target application, the third target feature information including the code program to be detected corresponding to the core code program in the target application; comparing the core code program with the third target feature information to obtain a third comparison result; and outputting and displaying the third comparison result while feeding it back to the cloud server.
  • A mobile terminal application security detection system, including: a first judgment module, configured to use a preset condition to judge whether to generate an instruction to detect the target application when the target application is started; a first extraction module, used to extract first target feature information from the target application when the instruction for detecting the target application is generated, the first target feature information including feature information for identifying and distinguishing the target application; an acquisition module, used to obtain first comparison information from the local so library and, at the same time, obtain second comparison information from the cloud server, the first comparison information and the second comparison information forming the comparison information; and a first comparison module, used to compare the first target feature information with the comparison information to obtain a first comparison result, and to output and display the first comparison result while feeding it back to the cloud server.
  • A terminal, wherein the terminal includes a processor and a memory coupled to the processor, and the memory stores a program file that can be run on the processor, wherein, when the processor executes the program file, the following steps are implemented: when the target application is started, using a preset condition to determine whether to generate an instruction to detect the target application; if so, extracting first target feature information from the target application, the first target feature information including feature information for identifying and distinguishing the target application; obtaining first comparison information from the local so library and, at the same time, obtaining second comparison information from the cloud server, the first comparison information and the second comparison information forming comparison information; comparing the first target feature information with the comparison information to obtain a first comparison result; and outputting and displaying the first comparison result while feeding it back to the cloud server.
  • A terminal, wherein the terminal includes a processor and a memory coupled to the processor, and the memory stores a program file that can be run on the processor, wherein, when the processor executes the program file, the following steps are implemented: when the target application starts, using a preset condition to determine whether to generate an instruction to detect the target application; if so, extracting second target feature information from the target application, the second target feature information including the fixed name and picture information existing in the target application; sending the second target feature information to the cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information and obtain a second comparison result; and receiving the second comparison result fed back by the cloud server.
  • Another technical solution adopted in the present application is to provide a terminal, wherein the terminal includes a processor and a memory coupled to the processor, and the memory stores a program file that can be run on the processor, wherein, when the processor executes the program file, the following steps are implemented: receiving the core code program issued by the cloud server; extracting third target feature information from the target application, the third target feature information including the code program to be detected corresponding to the core code program in the target application; comparing the core code program with the third target feature information to obtain a third comparison result; and outputting and displaying the third comparison result while feeding it back to the cloud server.
  • Another technical solution adopted in the present application is to provide a storage medium storing a program file capable of realizing a mobile terminal application security detection method, wherein the following steps are realized when the program file is executed by the processor: a preset condition is used to determine whether to generate an instruction for detecting the target application; if so, first target feature information is extracted from the target application, the first target feature information including feature information for identifying and distinguishing the target application; first comparison information is obtained from the local so library and, at the same time, second comparison information is obtained from the cloud server, the first comparison information and the second comparison information forming the comparison information; the first target feature information is compared with the comparison information to obtain a first comparison result; and the first comparison result is output and displayed and fed back to the cloud server at the same time.
  • Another technical solution adopted in the present application is to provide a storage medium storing a program file capable of realizing a mobile terminal application security detection method, wherein the following steps are realized when the program file is executed by the processor: a preset condition is used to determine whether to generate an instruction for detecting the target application; if so, second target feature information is extracted from the target application, the second target feature information including the fixed name and picture information existing in the target application; the second target feature information is sent to the cloud server, and the cloud server is used to perform big data comparison analysis on the second target feature information and obtain a second comparison result; and the second comparison result fed back by the cloud server is received.
  • Another technical solution adopted in the present application is to provide a storage medium storing a program file capable of realizing a mobile terminal application security detection method, wherein the following steps are realized when the program file is executed by the processor: the core code program issued by the cloud server is received; third target feature information is extracted from the target application, the third target feature information including the code program to be detected corresponding to the core code program in the target application; the core code program is compared with the third target feature information to obtain a third comparison result; and the third comparison result is output and displayed and fed back to the cloud server at the same time.
  • The mobile terminal application security detection method of the present application divides the comparison information for verifying the first target feature information into two sections: one section is stored in the so library and one section is stored in the cloud server. With the comparison information stored in segments, even if the terminal is attacked by a virus program, only a part of the comparison information will be tampered with, and tampering with the complete comparison information cannot be completed.
  • The first comparison information is obtained from the so library and the second comparison information is obtained from the cloud server, and the comparison information composed of the first comparison information and the second comparison information is compared with the first target feature information to confirm whether the first target feature information has been tampered with, which makes the final verification result accurate.
  • The setting of the preset conditions makes it possible to control the number of times the target application is detected, reduce the amount of data processing, and avoid frequent resource occupation.
  • FIG. 1 is a schematic flowchart of a mobile terminal application security detection method according to a first embodiment of the present application
  • FIG. 2 is a schematic flowchart of a mobile terminal application security detection method according to a second embodiment of the present application
  • FIG. 3 is a schematic flowchart of a mobile terminal application security detection method according to a third embodiment of the present application.
  • FIG. 4 is a schematic flowchart of a mobile terminal application security detection method according to a fourth embodiment of the present application.
  • FIG. 5 is a schematic diagram of functional modules of the mobile terminal application security detection system according to the first embodiment of the present application.
  • FIG. 6 is a schematic diagram of functional modules of a mobile terminal application security detection system according to a second embodiment of the present application.
  • FIG. 7 is a schematic diagram of functional modules of a mobile terminal application security detection system according to a third embodiment of the present application.
  • FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present application.
  • FIG. 9 is a schematic structural diagram of a storage medium according to an embodiment of the present application.
  • The terms “first”, “second” and “third” in this application are only used for descriptive purposes, and should not be construed as indicating or implying relative importance or implying the number of indicated technical features. Thus, a feature defined as “first”, “second” or “third” may expressly or implicitly include at least one of that feature.
  • “A plurality of” means at least two, such as two, three, etc., unless otherwise expressly and specifically defined. All directional indications (such as up, down, left, right, front, rear, etc.) in the embodiments of the present application are only used to explain the relative positional relationship between the various components under a certain posture (as shown in the accompanying drawings).
  • FIG. 1 is a schematic flowchart of a mobile terminal application security detection method according to a first embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the processes shown in FIG. 1. As shown in FIG. 1, the method includes the following steps:
  • Step S101: When the target application is started, a preset condition is used to determine whether to generate an instruction for detecting the target application. If yes, step S102 is executed.
  • The preset condition is set in advance.
  • The number of times the target application is detected is controlled, so that detection does not run every time the target application is started, which reduces the amount of data processing. If the instruction for detecting the target application is not generated, the target application does not need to be detected and is started directly.
  • Step S101 specifically includes:
  • The preset threshold is set in advance; for example, it can be set to 1 day.
  • The time interval is used to limit the detection frequency of the target application, thereby reducing the number of times the target application is detected.
  • A target application that the user does not start does not need to consume resources on detection.
  • It can also be set to generate an instruction for detecting the target application when the target application is started for the first time every day. If the start is not the first start of that day, the target application does not need to be detected.
  • Step S101 specifically includes:
  • A preset random program is executed to obtain a random result, and the random result is either to detect the target application or not to detect the target application.
  • A random program is set for the target application.
  • The random result is either to detect the target application or not to detect the target application.
  • When the target application is started, if the randomly selected result is to detect the target application, an instruction for detecting the target application is generated; if the selected result is not to detect the target application, no operation is performed.
  • The detection frequency of the target application is reduced.
  • The random program is executed only when the target application is started, which makes detection of the target application unpredictable: it is difficult for a virus program to determine on which start the target application will be detected, which further improves the security protection performance of the target application.
  • The probabilities of the two outcomes in the random result (detect the target application, do not detect the target application) can be preset. For example, for a class of applications that are started frequently, the probability of the "detect" outcome is set low and the probability of the "do not detect" outcome is set high. For a class of applications that are not started frequently, the probability of the "detect" outcome is set high and the probability of the "do not detect" outcome is set low.
  • The probability of each random result can be controlled, so as to avoid frequent detection causing excessive resource occupation.
  • WeChat users start WeChat very frequently every day. The probability of the "detect" outcome in the random result corresponding to WeChat can be set low and the probability of the "do not detect" outcome set high, so as to control the frequency of WeChat detection.
  • The preset condition of the target application can also be specified by the user: both the periodic detection method and the random detection method are placed in the mobile terminal, and the user chooses between them. For example, the user specifies that target application A uses periodic detection and that target application B uses the random detection method, so as to meet the different needs of the user.
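
The two preset conditions described for step S101 (a minimum interval between detections and a per-application random draw) can be combined in one small gate. This is an added example, not code from the patent; the names `Policy` and `DetectionGate`, measuring the interval from the last detection, and checking applications that have no policy are assumptions.

```python
import secrets
import time
from dataclasses import dataclass

DAY = 24 * 60 * 60  # the "1 day" threshold mentioned in the text, in seconds


@dataclass
class Policy:
    mode: str                    # "interval" (periodic) or "random"
    min_interval: float = DAY    # preset threshold for interval mode
    probability: float = 0.5     # chance of "detect" per start in random mode


class DetectionGate:
    """Decides at application start whether a detection instruction is generated."""

    def __init__(self, policies, clock=time.time, rng=None):
        self.policies = policies          # package name -> Policy
        self.clock = clock                # injectable for testing
        # OS-backed CSPRNG: earlier outcomes do not reveal later ones,
        # unlike a seeded Mersenne Twister whose state can be recovered.
        self.rng = rng or secrets.SystemRandom()
        self.last_check = {}              # package name -> time of last detection

    def should_detect(self, package):
        policy = self.policies.get(package)
        if policy is None:
            return True                   # assumption: no policy means always check
        now = self.clock()
        if policy.mode == "interval":
            last = self.last_check.get(package)
            due = last is None or now - last >= policy.min_interval
        elif policy.mode == "random":
            due = self.rng.random() < policy.probability
        else:
            raise ValueError(f"unknown mode: {policy.mode}")
        if due:
            self.last_check[package] = now
        return due


# Constructed per-application configuration: a frequently started app gets a
# low detection probability, a rarely started one is checked once per day.
POLICIES = {
    "com.example.chat": Policy(mode="random", probability=0.1),
    "com.example.bank": Policy(mode="interval", min_interval=DAY),
}
```
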
  • Step S102: Extract first target feature information from the target application, where the first target feature information includes feature information for identifying and distinguishing target applications.
  • The first target feature information includes a package name and a signature.
  • The package name is the unique identifier for judging an app in the Android system.
  • Different apps can have the same name, but their package names cannot be the same. For example, we can compile and generate an app called "WeChat", but its package name cannot be com.tencent.mm (WeChat's package name).
  • If the package names of two apps are the same, the mobile terminal allows only one of the two apps to be installed. For the mobile terminal to identify which app is the required one, the app must be identified by its signature.
  • The significance of the app signature is to establish the legitimate identity of each application developer and to prevent some developers from using the same package name to obfuscate and replace the installed program. The released APK file needs to be uniquely signed to ensure the consistency of each released version.
  • Step S103: Obtain the first comparison information from the local so library and, at the same time, obtain the second comparison information from the cloud server; the first comparison information and the second comparison information form the comparison information.
  • The developer extracts all package names and signatures, then truncates the package names and signatures, and stores part of the package name and part of the signature in the so library as the first comparison information; the other part of the package name and the other part of the signature are stored in the cloud server as the second comparison information.
  • The first comparison information needs to be obtained from the so library and the second comparison information from the cloud server; the two are combined into the comparison information, and only then can the comparison with the first target feature information be performed.
  • Step S103 specifically includes:
  • The verification information reserved on the first comparison information and the second comparison information is matched, so as to determine whether either the first comparison information or the second comparison information has been tampered with and to ensure the accuracy of the final comparison information. For example, a flag bit is set in both the first comparison information and the second comparison information, and when the two are combined it is verified whether the flag bits match.
  • By performing matching verification between the first comparison information and the second comparison information, it is confirmed whether either has been tampered with, thereby ensuring that the finally obtained comparison information is accurate. If the comparison information has been tampered with, it means that the target application has also been tampered with, and there is no need to perform the comparison between the first target feature information and the comparison information.
  • Step S104: Compare the first target feature information with the comparison information to obtain a first comparison result, and output and display the first comparison result while feeding it back to the cloud server.
  • After step S104, the method also includes: when it is confirmed according to the first comparison result that the program of the target application has been tampered with, terminating the target application, then using the preset prohibition program to prohibit the target application from starting, and at the same time sending out an alarm message to remind the user.
  • The mobile terminal application security detection method divides the comparison information used to verify the first target feature information into two sections: one section is stored in the so library and the other section is stored in the cloud server. With the comparison information stored in segments, even if the terminal is attacked by a virus program, only part of the comparison information will be tampered with, and the complete comparison information cannot be tampered with.
  • The first comparison information is obtained from the so library and the second comparison information is obtained from the cloud server, and the comparison information composed of the two is compared with the first target feature information to confirm whether the first target feature information has been tampered with, which makes the final verification result accurate.
  • The setting of the preset conditions makes it possible to control the number of times the target application is detected, reduce the amount of data processing, and avoid frequent resource occupation.
  • FIG. 2 is a schematic flowchart of a mobile terminal application security detection method according to a second embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the processes shown in FIG. 2. As shown in FIG. 2, the method includes the following steps:
  • Step S201: When the target application is started, a preset condition is used to determine whether to generate an instruction for detecting the target application. If yes, step S202 is executed.
  • Step S201 in FIG. 2 is similar to step S101 in FIG. 1, and for the sake of brevity, details are not repeated here.
  • Step S202: Extract the first target feature information from the target application.
  • Step S202 in FIG. 2 is similar to step S102 in FIG. 1, and for the sake of brevity, details are not repeated here.
  • Step S203: Obtain the first comparison information from the local so library and, at the same time, obtain the second comparison information from the cloud server; the first comparison information and the second comparison information form the comparison information.
  • Step S203 in FIG. 2 is similar to step S103 in FIG. 1, and for the sake of brevity, details are not repeated here.
  • Step S204: Compare the first target feature information with the comparison information to obtain a first comparison result, and output and display the first comparison result while feeding it back to the cloud server.
  • Step S204 in FIG. 2 is similar to step S104 in FIG. 1, and for the sake of brevity, details are not repeated here.
  • Step S205: When the target application interacts with the external terminal, the first key segment is obtained from the so library and, at the same time, the second key segment is obtained from the cloud server. The first key segment and the second key segment form a key.
  • The developer divides the key of the target application into two segments: the first key segment is stored in the so library and the second key segment is stored in the cloud server, so that a virus program cannot directly obtain the complete key, reducing the possibility of key leakage.
  • Verification information is preset on the first key segment and the second key segment, and the verification information of the first key segment matches the verification information of the second key segment.
  • The verification information of the first key segment is matched with the verification information of the second key segment. If the match succeeds, the two key segments constitute the key; if the match fails, a message that the key has been tampered with is output.
  • Step S206: Encrypt the information to be sent with the key and/or decrypt the received information with the key.
  • Step S207: When the target application is terminated, delete the key generated by the combination.
  • The previously generated key can be deleted to prevent it from being stolen by the virus program.
  • The mobile terminal application security detection method stores the key in segments, making it difficult for a virus program to acquire the complete key, thereby ensuring the security of data communication between the target application and the external terminal. When the target application is terminated, the key generated by the combination is deleted in time to prevent it from being stolen by the virus program and then used to decompile and crack the target application, which improves the protection performance of the target application.
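
The segmented storage used in steps S203 to S204 (comparison information) and S205 to S207 (key) follows one pattern: a value is cut in two, both halves carry matching verification information, and the device refuses to join halves that do not match. The sketch below is an added example, not the patent's code; `Segment`, `split`, `combine`, `check_app` and `session_key` are hypothetical names, and the verification information is assumed to be a truncated SHA-256 of the whole value, which also detects changes to the data and is therefore stronger than the flag bit the text mentions.

```python
import hashlib
import hmac
from contextlib import contextmanager
from dataclasses import dataclass


class TamperedError(Exception):
    """Raised when the two stored segments do not belong together."""


@dataclass(frozen=True)
class Segment:
    data: bytes  # one half of the stored value
    tag: bytes   # verification information stored with that half


def _tag(value):
    # Assumption: the tag is the first 8 bytes of SHA-256 over the whole value.
    return hashlib.sha256(value).digest()[:8]


def split(value):
    """Developer side: cut the value in two and tag both halves."""
    mid = len(value) // 2
    tag = _tag(value)
    return Segment(value[:mid], tag), Segment(value[mid:], tag)


def combine(local, cloud):
    """Device side (S203, S205): match the verification information, then join."""
    if not hmac.compare_digest(local.tag, cloud.tag):
        raise TamperedError("segment tags do not match")
    value = local.data + cloud.data
    if not hmac.compare_digest(_tag(value), local.tag):
        raise TamperedError("joined value does not match its tag")
    return value


def reference_record(package, cert_sha256):
    """Package name and signing-certificate digest as one comparable record."""
    return f"{package}|{cert_sha256.lower()}".encode()


def check_app(package, cert_sha256, local, cloud):
    """S204: compare the extracted features with the recombined reference."""
    try:
        expected = combine(local, cloud)
    except TamperedError:
        return "reference-tampered"   # no point comparing against bad data
    actual = reference_record(package, cert_sha256)
    return "ok" if hmac.compare_digest(actual, expected) else "app-tampered"


@contextmanager
def session_key(local, cloud):
    """S205 to S207: build the key for one session and wipe it afterwards."""
    key = bytearray(combine(local, cloud))
    try:
        yield key
    finally:
        # Best effort: Python can only zero its own mutable copy; native
        # code in the so library would wipe the buffer it owns.
        for i in range(len(key)):
            key[i] = 0


# Constructed sample data: the package name and certificate are invented.
PKG = "com.example.bank"
CERT = hashlib.sha256(b"constructed signing certificate").hexdigest()
LOCAL, CLOUD = split(reference_record(PKG, CERT))
```
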
  • FIG. 3 is a schematic flowchart of a mobile terminal application security detection method according to a third embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the processes shown in FIG. 3. As shown in FIG. 3, the method includes the following steps:
  • Step S301: When the target application is started, a preset condition is used to determine whether to generate an instruction for detecting the target application. If yes, step S302 is executed.
  • Step S301 in FIG. 3 is similar to step S101 in FIG. 1, and for the sake of brevity, details are not repeated here.
  • Step S302: Extract second target feature information from the target application, where the second target feature information includes the fixed name and picture information existing in the target application.
  • The second target feature information includes fixed name and picture information existing in the target application. The name information can be a fixed name such as the name of the target application or the name of a module in the target application, and the picture information can be the logo of the target application, a picture on a page of the target application, etc. It should be noted that, considering the large amount of resource-name and picture data in the target application, this embodiment randomly extracts the second target feature information rather than acquiring all of it.
  • Step S303 Send the second target feature information to the cloud server, and use the cloud server to perform big data comparison analysis on the second target feature information and obtain a second comparison result.
  • the third comparison result is obtained by uploading the second target feature information to the cloud server, and using the cloud server to perform big data comparison and analysis on the second target feature information.
  • When the cloud server compares and analyzes the second target feature information, it mainly compares the resource names and pictures of each version of the target application with the second target feature information.
  • the current version number of the target application of the mobile terminal, and then the resource name and picture corresponding to the version number are obtained, and then compared with the second target feature information.
  • Step S304 Receive the second comparison result fed back by the cloud server.
  • the cloud server saves the second comparison result, and in addition, the second comparison result needs to be synchronized to the mobile terminal to inform the user of the comparison situation.
  • A portion of the second target feature information is randomly extracted and uploaded to the cloud server, and the cloud server performs big data analysis and comparison on the second target feature information to obtain the second comparison result. The data analysis and comparison therefore does not need to be completed on the mobile terminal itself, which reduces resource usage. At the same time, the data in the cloud server is difficult to tamper with, so the comparison result obtained by cloud server comparison is more accurate.
  • FIG. 4 is a schematic flowchart of a mobile terminal application security detection method according to a fourth embodiment of the present application. It should be noted that, if there is substantially the same result, the method of the present application is not limited to the sequence of the processes shown in FIG. 4 . As shown in Figure 4, the method includes the steps:
  • Step S401 Receive the core code program issued by the cloud server.
  • the core code program refers to a very important code program in the target application.
  • detection can also be performed through the core code program in the target application, for example, a code that implements a "payment function".
  • Existing virus programs mainly aim to tamper with the core program of the target application for profit. If the user's payment information on the target application is stolen, the user's interests are harmed. Therefore, this embodiment can also detect the core program of the target application.
  • the frequency of the core code program issued by the cloud server is set by the developer, and can be issued once at a preset time interval.
  • Step S402 Extract third target feature information from the target application, where the third target feature information includes the code program to be detected corresponding to the core code program in the target application.
  • the third target feature information specifically refers to a piece of code program to be detected corresponding to the core code program in the target application.
  • Step S403 Compare the core code program with the third target feature information to obtain a third comparison result, and output and display the third comparison result and feed it back to the cloud server at the same time.
  • The mobile terminal application security detection method identifies, in the target application, the third target feature information corresponding to the core code program issued by the cloud server, where the third target feature information is the code program to be detected. It then compares the third target feature information with the core code program to obtain a third comparison result, and confirms from the third comparison result whether the target application has been tampered with, so as to improve the accuracy of the final detection result.
  • After the first comparison result, the second comparison result or the third comparison result is obtained, the method further includes: uploading the first comparison result, the second comparison result or the third comparison result to the blockchain.
  • Corresponding summary information is obtained based on the first comparison result, the second comparison result or the third comparison result. Specifically, the summary information is obtained by hashing the first comparison result, the second comparison result or the third comparison result, for example, using the sha256s algorithm.
  • Uploading summary information to the blockchain ensures its security and fairness and transparency to users.
  • the user equipment can download the summary information from the blockchain, so as to verify whether the first comparison result, the second comparison result, and the third comparison result have been tampered with.
  • the blockchain referred to in this example is a new application mode of computer technology such as distributed data storage, point-to-point transmission, consensus mechanism, and encryption algorithm.
  • A blockchain is essentially a decentralized database: a series of data blocks linked to one another by cryptographic methods. Each data block contains a batch of network transaction information, which is used to verify the validity of its information (anti-counterfeiting) and to generate the next block.
  • The blockchain can include the underlying blockchain platform, the platform product service layer, and the application service layer.
  • FIG. 5 is a schematic diagram of functional modules of a mobile terminal application security detection system according to an embodiment of the present application.
  • the mobile terminal application security detection system 50 includes a first judgment module 51 , a first extraction module 52 , an acquisition module 53 and a first comparison module 54 .
  • the first judgment module 51 is configured to use a preset condition to judge whether to generate an instruction for detecting the target application when the target application is started.
  • the first extraction module 52 is configured to extract first target feature information from the target application when an instruction for detecting a target application is generated, where the first target feature information includes feature information for identifying and distinguishing the target application.
  • the obtaining module 53 is configured to obtain the first comparison information from the local so library, and simultaneously obtain the second comparison information from the cloud server, and the first comparison information and the second comparison information constitute the comparison information.
  • the first comparison module 54 is configured to compare the first target feature information with the comparison information to obtain a first comparison result, output and display the first comparison result and feed it back to the cloud server at the same time.
  • The operation by which the first judgment module 51 uses a preset condition to determine whether to generate an instruction to detect the target application may also be: when the target application is started, obtain the time interval between the last detection time of the target application and the current time; when the time interval exceeds a preset threshold, generate an instruction to detect the target application.
  • The operation by which the first judgment module 51 uses a preset condition to determine whether to generate an instruction to detect the target application may also be: when the target application is started, execute a preset random program to obtain a random result, where the random result is either detecting the target application or not detecting the target application; if the random result is detecting the target application, generate an instruction to detect the target application.
  • The operation by which the acquisition module 53 forms the comparison information from the first comparison information and the second comparison information may also be: detecting whether the verification information reserved on the first comparison information matches the verification information reserved on the second comparison information; if it matches, combining the two to obtain the comparison information; if it does not match, outputting a message that the comparison information has been tampered with.
  • After the first comparison module 54 obtains the first comparison result, it is also used to: when the target application interacts with the external terminal, obtain the first key segment from the so library and the second key segment from the cloud server, the first key segment and the second key segment forming a key; use the key to encrypt the information to be sent and/or to decrypt the received information; and, when the target application is terminated, delete the key generated by the combination.
  • FIG. 6 is a schematic diagram of functional modules of a mobile terminal application security detection system according to an embodiment of the present application.
  • the mobile terminal application security detection system 60 includes a second judgment module 61 , a second extraction module 62 , a sending module 63 and a first receiving module 64 .
  • the second judgment module 61 is configured to use a preset condition to judge whether to generate an instruction for detecting the target application when the target application is started.
  • the second extraction module 62 is configured to extract second target feature information from the target application when generating the instruction for detecting the target application, where the second target feature information includes the fixed name and picture information existing in the target application.
  • the sending module 63 is configured to send the second target feature information to the cloud server, and use the cloud server to perform big data comparison analysis on the second target feature information and obtain a second comparison result.
  • the first receiving module 64 is configured to receive the second comparison result fed back by the cloud server.
  • FIG. 7 is a schematic diagram of functional modules of a mobile terminal application security detection system according to an embodiment of the present application.
  • the mobile terminal application security detection system 70 includes a second receiving module 71 , a third extracting module 72 and a second comparing module 73 .
  • the second receiving module 71 is configured to receive the core code program issued by the cloud server.
  • the third extraction module 72 is configured to extract third target feature information from the target application, where the third target feature information includes the code program to be detected corresponding to the core code program in the target application.
  • the second comparison module 73 is configured to compare the core code program with the third target feature information to obtain a third comparison result, output and display the third comparison result and feed it back to the cloud server at the same time.
  • FIG. 8 is a schematic structural diagram of a terminal according to an embodiment of the present application.
  • the terminal 80 includes a processor 81 and a memory 82 coupled to the processor 81 .
  • the memory 82 stores program instructions for implementing the mobile terminal application security detection method described in any of the foregoing embodiments.
  • the processor 81 is configured to execute the program instructions stored in the memory 82 to perform security detection on the mobile terminal application program.
  • the processor 81 may also be referred to as a CPU (Central Processing Unit, central processing unit).
  • the processor 81 may be an integrated circuit chip with signal processing capability.
  • the processor 81 may also be a general purpose processor, digital signal processor (DSP), application specific integrated circuit (ASIC), field programmable gate array (FPGA) or other programmable logic device, discrete gate or transistor logic device, or discrete hardware components.
  • a general purpose processor may be a microprocessor or the processor may be any conventional processor or the like.
  • FIG. 9 is a schematic structural diagram of a storage medium according to an embodiment of the present application.
  • The storage medium of this embodiment of the present application stores a program file 91 capable of implementing all the above-mentioned methods. The program file 91 may be stored in the above-mentioned storage medium in the form of a software product, and includes several instructions to enable a computer device (which can be a personal computer, a server, a network device, etc.) or a processor to execute all or part of the steps of the methods described in the various embodiments of the present application.
  • The aforementioned storage media include: U disk, mobile hard disk, Read-Only Memory (ROM), Random Access Memory (RAM), magnetic disks, optical discs and other media that can store program code, or terminal devices such as computers, servers, mobile phones, and tablets.
  • the storage medium may be non-volatile or volatile.
  • the disclosed system, terminal and method may be implemented in other manners.
  • the system embodiments described above are only illustrative.
  • The division of units is only a logical function division; in actual implementation there may be other division methods. Multiple units or components may be combined or integrated into another system, or some features may be ignored or not implemented.
  • the shown or discussed mutual coupling or direct coupling or communication connection may be through some interfaces, indirect coupling or communication connection of devices or units, and may be in electrical, mechanical or other forms.
  • each functional unit in each embodiment of the present application may be integrated into one processing unit, or each unit may exist physically alone, or two or more units may be integrated into one unit.
  • the above-mentioned integrated units may be implemented in the form of hardware, or may be implemented in the form of software functional units.
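The digest step described above (hashing a comparison result into summary information, publishing it to the blockchain, and later downloading it to check that the result was not altered) can be sketched as follows. This is an added example, not code from the patent: the result fields, the canonical JSON encoding, the use of SHA-256, and the in-memory `DigestLedger` standing in for a real blockchain are all assumptions.

```python
import hashlib
import hmac
import json

# Constructed sample comparison result (field names are assumptions).
SAMPLE_RESULT = {
    "app": "com.example.bank",
    "version": "1.0.0",
    "check": "first",
    "outcome": "mismatch",
    "checked_at": 1700000000,
}


def result_digest(result):
    """Summary information: SHA-256 over a canonical JSON encoding, so the
    digest does not depend on key order or whitespace."""
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


class DigestLedger:
    """Toy append-only hash chain standing in for the blockchain (assumption).
    Each block commits to the previous block's hash."""

    GENESIS = "0" * 64

    def __init__(self):
        self.blocks = []

    @staticmethod
    def block_hash(index, prev_hash, digest):
        return hashlib.sha256(f"{index}|{prev_hash}|{digest}".encode()).hexdigest()

    def append(self, digest):
        """Store one digest and return the index of its block."""
        prev = self.blocks[-1]["hash"] if self.blocks else self.GENESIS
        index = len(self.blocks)
        self.blocks.append({"index": index, "prev": prev, "digest": digest,
                            "hash": self.block_hash(index, prev, digest)})
        return index

    def chain_is_valid(self):
        """Recompute every link; editing any stored digest breaks the chain."""
        prev = self.GENESIS
        for i, block in enumerate(self.blocks):
            expected = self.block_hash(i, prev, block["digest"])
            if block["index"] != i or block["prev"] != prev or block["hash"] != expected:
                return False
            prev = block["hash"]
        return True


def verify_result(ledger, index, result):
    """What the user equipment does: fetch the published digest and compare it
    with the digest of the comparison result it was shown."""
    if not ledger.chain_is_valid() or not 0 <= index < len(ledger.blocks):
        return False
    published = ledger.blocks[index]["digest"]
    return hmac.compare_digest(published, result_digest(result))
```

Only the digest is published, so the ledger reveals nothing about the comparison result beyond whether a presented copy matches it.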

Abstract

A mobile terminal application security detection method and system, a terminal, and a storage medium. The method comprises: when a target application is started, determining, by using a preset condition, whether to generate an instruction for detecting the target application; if yes, extracting first target feature information from the target application; acquiring first comparison information from a local SO library, and acquiring second comparison information from a cloud server at the same time, the first comparison information and the second comparison information forming comparison information; comparing the first target feature information with the comparison information to obtain a first comparison result, and outputting and displaying the first comparison result and feeding it back to the cloud server at the same time. By means of the method, in the present application, comparison information for application verification can be stored in a segmented manner, such that the comparison information is not easily tampered with, thereby improving the accuracy of the detection result; the method can also be applied to smart security protection scenarios, so as to promote the construction of smart cities.

Description

Mobile terminal application security detection method, system, terminal and storage medium
This application claims priority to the Chinese patent application filed with the China Patent Office on October 9, 2020, with application number 202011073608.9 and the invention title "Mobile terminal application security detection method, system, terminal and storage medium", the entire content of which is incorporated herein by reference.
Technical field
The present application relates to the technical field of application security, and in particular to a mobile terminal application security detection method, system, terminal and storage medium.
Background
Android is an open source operating system based on Linux, mainly used in mobile terminals such as mobile phones. It does not yet have a unified Chinese name. The Android platform consists of an operating system, middleware, a user interface and application software. An Android application is application software that runs on the Android platform.
With the popularity of Android smartphones, an industry chain of malware targeting Android systems has gradually formed. Such malware usually disguises itself as normal application software or games to trick users into installing it. Once on the user's phone, it quietly subscribes to SP services in the background or dials paid numbers to drain the user's phone credit, or collects the user's private data, or steals the user's online banking and third-party payment passwords to carry out further theft. According to statistics, there are more than 8,000 kinds of Android malware, and more than 5 million Android phones have been infected.
At present, to improve the efficiency of security detection for mobile terminal applications, schemes such as package name verification, signature verification, resource file verification, or APK file obfuscation and hardening are mainly used. The inventor realized that these schemes still carry the risk of tampering and decompilation, which makes it difficult for existing verification methods to accurately determine whether an application has been tampered with.
Technical problem
The present application provides a mobile terminal application security detection method, system, terminal and storage medium, so as to solve the problem that existing mobile terminal security protection detection results are not accurate enough.
Technical solution
To solve the above technical problem, one technical solution adopted by this application is to provide a mobile terminal application security detection method, including: when a target application is started, using a preset condition to determine whether to generate an instruction for detecting the target application; if so, extracting first target feature information from the target application, where the first target feature information includes feature information used to identify and distinguish the target application; obtaining first comparison information from a local so library and, at the same time, obtaining second comparison information from a cloud server, the first comparison information and the second comparison information together forming the comparison information; and comparing the first target feature information with the comparison information to obtain a first comparison result, outputting and displaying the first comparison result and feeding it back to the cloud server at the same time.
To solve the above technical problem, another technical solution adopted by this application is to provide a mobile terminal application security detection method, including: when a target application is started, using a preset condition to determine whether to generate an instruction for detecting the target application; if so, extracting second target feature information from the target application, where the second target feature information includes fixed name and picture information existing in the target application; sending the second target feature information to a cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information to obtain a second comparison result; and receiving the second comparison result fed back by the cloud server.
To solve the above technical problem, another technical solution adopted by this application is to provide a mobile terminal application security detection method, including: receiving a core code program issued by a cloud server; extracting third target feature information from a target application, where the third target feature information includes the code program to be detected that corresponds to the core code program in the target application; and comparing the core code program with the third target feature information to obtain a third comparison result, outputting and displaying the third comparison result and feeding it back to the cloud server at the same time.
To solve the above technical problem, another technical solution adopted by this application is to provide a mobile terminal application security detection system, including: a first judgment module, configured to use a preset condition to determine whether to generate an instruction for detecting a target application when the target application is started; a first extraction module, configured to extract first target feature information from the target application when the instruction for detecting the target application is generated, where the first target feature information includes feature information used to identify and distinguish the target application; an acquisition module, configured to obtain first comparison information from a local so library and, at the same time, obtain second comparison information from a cloud server, the first comparison information and the second comparison information together forming the comparison information; and a first comparison module, configured to compare the first target feature information with the comparison information to obtain a first comparison result, output and display the first comparison result and feed it back to the cloud server at the same time.
To solve the above technical problem, yet another technical solution adopted by this application is to provide a terminal, where the terminal includes a processor and a memory coupled to the processor, the memory stores a program file that can run on the processor, and the processor implements the following steps when executing the program file: when a target application is started, using a preset condition to determine whether to generate an instruction for detecting the target application; if so, extracting first target feature information from the target application, where the first target feature information includes feature information used to identify and distinguish the target application; obtaining first comparison information from a local so library and, at the same time, obtaining second comparison information from a cloud server, the first comparison information and the second comparison information together forming the comparison information; and comparing the first target feature information with the comparison information to obtain a first comparison result, outputting and displaying the first comparison result and feeding it back to the cloud server at the same time.
To solve the above technical problem, yet another technical solution adopted by this application is to provide a terminal, where the terminal includes a processor and a memory coupled to the processor, the memory stores a program file that can run on the processor, and the processor implements the following steps when executing the program file: when a target application is started, using a preset condition to determine whether to generate an instruction for detecting the target application; if so, extracting second target feature information from the target application, where the second target feature information includes fixed name and picture information existing in the target application; sending the second target feature information to a cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information to obtain a second comparison result; and receiving the second comparison result fed back by the cloud server.
To solve the above technical problem, yet another technical solution adopted by this application is to provide a terminal, where the terminal includes a processor and a memory coupled to the processor, the memory stores a program file that can run on the processor, and the processor implements the following steps when executing the program file: receiving a core code program issued by a cloud server; extracting third target feature information from a target application, where the third target feature information includes the code program to be detected that corresponds to the core code program in the target application; and comparing the core code program with the third target feature information to obtain a third comparison result, outputting and displaying the third comparison result and feeding it back to the cloud server at the same time.
To solve the above technical problem, yet another technical solution adopted by this application is to provide a storage medium storing a program file capable of implementing a mobile terminal application security detection method, where the program file implements the following steps when executed by a processor: when a target application is started, using a preset condition to determine whether to generate an instruction for detecting the target application; if so, extracting first target feature information from the target application, where the first target feature information includes feature information used to identify and distinguish the target application; obtaining first comparison information from a local so library and, at the same time, obtaining second comparison information from a cloud server, the first comparison information and the second comparison information together forming the comparison information; and comparing the first target feature information with the comparison information to obtain a first comparison result, outputting and displaying the first comparison result and feeding it back to the cloud server at the same time.
To solve the above technical problem, yet another technical solution adopted by this application is to provide a storage medium storing a program file capable of implementing a mobile terminal application security detection method, where the program file implements the following steps when executed by a processor: when a target application is started, using a preset condition to determine whether to generate an instruction for detecting the target application; if so, extracting second target feature information from the target application, where the second target feature information includes fixed name and picture information existing in the target application; sending the second target feature information to a cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information to obtain a second comparison result; and receiving the second comparison result fed back by the cloud server.
To solve the above technical problem, yet another technical solution adopted by this application is to provide a storage medium storing a program file capable of implementing a mobile terminal application security detection method, where the program file implements the following steps when executed by a processor: receiving a core code program issued by a cloud server; extracting third target feature information from a target application, where the third target feature information includes the code program to be detected that corresponds to the core code program in the target application; and comparing the core code program with the third target feature information to obtain a third comparison result, outputting and displaying the third comparison result and feeding it back to the cloud server at the same time.
Beneficial effects
The beneficial effects of the present application are as follows. The mobile terminal application security detection method of the present application divides the comparison information used to verify the first target feature information into two segments, one stored in the so library and one stored in the cloud server. With the comparison information stored in segments, even if a virus program attacks, only part of the comparison information can be tampered with, and the complete comparison information cannot be. Therefore, when security detection is performed on the target application, the first comparison information is obtained from the so library and the second comparison information is obtained from the cloud server, and the comparison information composed of the two is compared with the first target feature information to confirm whether the first target feature information has been tampered with, which makes the final verification result accurate. In addition, the preset condition controls how often the target application is detected, which reduces the amount of data processing and avoids frequent resource occupation.
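The segmented storage and the preset condition described above can be sketched as follows. This is an added example, not code from the patent: it assumes the first target feature information is a SHA-256 fingerprint over the package name and signing certificate, that the reference fingerprint is split in half between the so library and the cloud server, and that the verification information reserved on each segment is a truncated digest of the whole reference. All names and the sample certificates are constructed.

```python
import hashlib
import hmac
import random
from dataclasses import dataclass

# Constructed sample inputs (not real certificates).
GENUINE_CERT = b"constructed-signing-cert-A"
REPACKED_CERT = b"constructed-signing-cert-B"


class ComparisonInfoTampered(Exception):
    """The two stored segments no longer belong together."""


@dataclass(frozen=True)
class Segment:
    index: int    # 0 = segment in the local so library, 1 = cloud segment
    data: bytes   # this half of the reference value
    check: bytes  # verification information reserved on the segment (assumed format)


def _check_value(reference):
    return hashlib.sha256(b"cmp-info-v1" + reference).digest()[:16]


def split_reference(reference):
    """Build-time step: split the reference into a local and a cloud segment."""
    mid = len(reference) // 2
    check = _check_value(reference)
    return Segment(0, reference[:mid], check), Segment(1, reference[mid:], check)


def should_detect(last_detection, now, min_interval=86400.0, sample_rate=None, rng=random):
    """Preset condition: either a random draw (when sample_rate is given) or
    the time since the last detection exceeding a threshold."""
    if sample_rate is not None:
        return rng.random() < sample_rate
    return last_detection is None or (now - last_detection) > min_interval


def combine(local, cloud):
    """Check that the verification information matches, then recombine."""
    if (local.index, cloud.index) != (0, 1):
        raise ComparisonInfoTampered("segments missing or out of order")
    if not hmac.compare_digest(local.check, cloud.check):
        raise ComparisonInfoTampered("verification information does not match")
    reference = local.data + cloud.data
    # Also catch a segment whose data changed but whose check was left alone.
    if not hmac.compare_digest(_check_value(reference), cloud.check):
        raise ComparisonInfoTampered("segment content changed")
    return reference


def feature_fingerprint(package_name, signing_cert):
    """First target feature information (assumed): length-prefixed hash."""
    h = hashlib.sha256()
    for part in (package_name.encode("utf-8"), signing_cert):
        h.update(len(part).to_bytes(4, "big"))
        h.update(part)
    return h.digest()


def detect(package_name, signing_cert, local, cloud):
    """Return the first comparison result as a short status string."""
    try:
        reference = combine(local, cloud)
    except ComparisonInfoTampered:
        return "comparison-info-tampered"
    observed = feature_fingerprint(package_name, signing_cert)
    return "ok" if hmac.compare_digest(observed, reference) else "app-tampered"
```

Because the check value is an unkeyed digest, it only helps while the two segments cannot both be rewritten, which is the property the segmented storage relies on.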
Description of drawings
FIG. 1 is a schematic flowchart of the mobile terminal application security detection method according to the first embodiment of the present application;
FIG. 2 is a schematic flowchart of the mobile terminal application security detection method according to the second embodiment of the present application;
FIG. 3 is a schematic flowchart of the mobile terminal application security detection method according to the third embodiment of the present application;
FIG. 4 is a schematic flowchart of the mobile terminal application security detection method according to the fourth embodiment of the present application;
FIG. 5 is a schematic diagram of the functional modules of the mobile terminal application security detection system according to the first embodiment of the present application;
FIG. 6 is a schematic diagram of the functional modules of the mobile terminal application security detection system according to the second embodiment of the present application;
FIG. 7 is a schematic diagram of the functional modules of the mobile terminal application security detection system according to the third embodiment of the present application;
FIG. 8 is a schematic structural diagram of the terminal according to an embodiment of the present application;
FIG. 9 is a schematic structural diagram of the storage medium according to an embodiment of the present application.
Embodiments of the present invention
The technical solutions in the embodiments of the present application are described clearly and completely below with reference to the drawings in the embodiments of the present application. Obviously, the described embodiments are only some of the embodiments of the present application, not all of them. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments in the present application without creative effort fall within the protection scope of the present application.
The terms "first", "second" and "third" in this application are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly indicating the number of the technical features referred to. Thus, a feature defined as "first", "second" or "third" may expressly or implicitly include at least one such feature. In the description of the present application, "a plurality of" means at least two, such as two or three, unless otherwise expressly and specifically defined. All directional indications in the embodiments of the present application (such as up, down, left, right, front, rear...) are used only to explain the relative positional relationship, movement and so on of the components in a particular posture (as shown in the drawings); if that posture changes, the directional indication changes accordingly. Furthermore, the terms "comprising" and "having" and any variations thereof are intended to cover non-exclusive inclusion. For example, a process, method, system, product or device comprising a series of steps or units is not limited to the listed steps or units, but optionally also includes steps or units that are not listed, or optionally also includes other steps or units inherent to such a process, method, product or device.
Reference herein to an "embodiment" means that a particular feature, structure or characteristic described in connection with the embodiment can be included in at least one embodiment of the present application. The appearances of the phrase in various places in the specification do not necessarily all refer to the same embodiment, nor to separate or alternative embodiments that are mutually exclusive of other embodiments. Those skilled in the art understand, explicitly and implicitly, that the embodiments described herein may be combined with other embodiments.
FIG. 1 is a schematic flowchart of the mobile terminal application security detection method according to the first embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the flow shown in FIG. 1. As shown in FIG. 1, the method includes the following steps:
Step S101: When the target application is started, use a preset condition to determine whether to generate an instruction for detecting the target application. If so, execute step S102.
Specifically, the preset condition is set in advance. In this embodiment, the preset condition controls the number of times the target application is detected, so that detection is not performed every time the target application is started, thereby reducing the amount of data processing. If no instruction for detecting the target application is generated, the target application does not need to be detected and is started directly.
Further, in some embodiments, the preset condition may be periodic detection of the target application, which controls the detection frequency of the target application. In that case, step S101 specifically includes:
1. When the target application is started, obtain the time interval between the last detection time of the target application and the current time.
2. When the time interval exceeds a preset threshold, generate an instruction for detecting the target application.
It should be noted that the preset threshold is set in advance; for example, it can be set to 1 day.
After each detection of the target application, timing starts. When the target application is started again, the time interval between the current time and the last detection of the target application is obtained and compared with the preset threshold. When the time interval exceeds the preset threshold, the target application has not been detected for a relatively long time, and an instruction for detecting the target application is generated. This embodiment uses the time interval to limit the detection frequency of the target application, which reduces the number of detections. In addition, because the start of the target application is the precondition for deciding whether it needs to be detected, no resources are spent on detecting target applications that the user does not start.
Alternatively, the condition can be set so that an instruction for detecting the target application is generated when the target application is started for the first time each day. If a start is not the first start of the target application on that day, the target application does not need to be detected.
Further, in some embodiments, the preset condition may instead decide at random whether the target application needs to be detected. In that case, step S101 specifically includes:
1. When the target application is started, execute a preset random program to obtain a random result, where the random result is either to detect the target application or not to detect the target application.
2. If the random result is to detect the target application, generate an instruction for detecting the target application.
To reduce the detection frequency of the target application, a random program is set for the target application, and its random result is either to detect the target application or not to detect the target application. When the target application is started, if the randomly drawn result is to detect the target application, an instruction for verifying the target application is generated; if the drawn result is not to detect the target application, no operation is performed. This random draw reduces the detection frequency of the target application. In addition, the random program is executed only when the target application is started, so detection of the target application is highly probabilistic, which makes it difficult for a virus program to determine which start of the target application will be detected and further improves the security protection of the target application.
Further, because the number of starts differs considerably between applications, the probabilities of the two random results (detecting and not detecting the target application) can be set in advance so that application security detection is performed more reasonably. For example, for applications that are started frequently, the probability of the result "detect the target application" is set low and the probability of the result "do not detect the target application" is set high. For applications that are started infrequently, the probability of the result "detect the target application" is set high and the probability of the result "do not detect the target application" is set low. Setting the probabilities of the random results in this way controls the number of times the target application is detected and avoids the excessive resource occupation that frequent detection would cause. Take WeChat as an example: users start WeChat very frequently every day. To avoid detecting WeChat too often, the probability of the result "detect the target application" for WeChat can be set low and the probability of the result "do not detect the target application" set high, which controls the frequency at which WeChat is detected.
It should be understood that the preset condition of a target application can also be specified by the user. Both the periodic detection mode and the random detection mode are built into the mobile terminal, and the user then chooses between them. For example, the user specifies periodic detection for target application A and random detection for target application B, which meets different user needs.
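The launch-time decision of step S101 can be written as one function covering both the periodic and the random preset condition. This is an added example, not code from the application; the `Policy` fields, the handling of a clock that has moved backwards, and the use of the operating system's random source are assumptions made here.

```python
import secrets
from dataclasses import dataclass
from typing import Optional

DAY = 24 * 60 * 60  # the page's example threshold of 1 day, in seconds


@dataclass
class Policy:
    """Per-application preset condition (hypothetical structure)."""
    mode: str                  # "periodic" or "random", selectable per app
    interval: float = DAY      # preset threshold for periodic mode
    probability: float = 0.5   # chance of the result "detect" in random mode


# Assumption: draws come from the OS random source, so the outcome of a
# given launch cannot be predicted from a recoverable seed.
_rng = secrets.SystemRandom()


def should_detect(policy: Policy, now: float,
                  last_check: Optional[float] = None,
                  draw: Optional[float] = None) -> bool:
    """Return True when a detection instruction should be generated."""
    if policy.mode == "periodic":
        if last_check is None:          # never checked before
            return True
        elapsed = now - last_check
        if elapsed < 0:
            # Assumption: a device clock that moved backwards would keep
            # the interval below the threshold, so treat it as due.
            return True
        return elapsed > policy.interval
    if policy.mode == "random":
        if not 0.0 <= policy.probability <= 1.0:
            raise ValueError("probability must be within [0, 1]")
        value = _rng.random() if draw is None else draw  # draw: test hook
        return value < policy.probability
    raise ValueError(f"unknown mode: {policy.mode!r}")


# Constructed sample policies: a frequently started app gets a low
# detection probability, a rarely started one a high probability.
FREQUENT_APP = Policy(mode="random", probability=0.1)
RARE_APP = Policy(mode="random", probability=0.9)
DAILY_APP = Policy(mode="periodic", interval=DAY)

if __name__ == "__main__":
    print(should_detect(DAILY_APP, now=200_000.0, last_check=100_000.0))
    print(should_detect(FREQUENT_APP, now=0.0))
```
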
Step S102: Extract first target feature information from the target application, where the first target feature information includes feature information used to identify and distinguish the target application.
Specifically, the first target feature information includes the package name and the signature. In the Android system, the package name is the unique identifier of an app: different apps can have the same display name, but their package names cannot be the same. For example, we can compile and build an app of our own that is also called "WeChat", but its package name cannot be com.tencent.mm (WeChat's package name). If two apps have the same package name, the mobile terminal allows only one of them to be installed. For the mobile terminal to recognize which app is the one required, the app's signature is used. The purpose of the app signature is to guarantee the legitimate identity of each application developer and to prevent some developers from using the same package name to pass off a replacement for an already installed program; each released APK file must be uniquely signed, which ensures consistency across released versions.
Step S103: Obtain the first comparison information from the local so library and, at the same time, obtain the second comparison information from the cloud server, where the first comparison information and the second comparison information together form the comparison information.
It should be noted that, after developing the target application, the developer extracts all package names and signatures from it and then truncates them: one part of the package name and one part of the signature are stored in the so library as the first comparison information, and the other part of the package name and the other part of the signature are stored in the cloud server as the second comparison information. When the package name and signature are needed for comparison, the first comparison information must be obtained from the so library and the second comparison information from the cloud server, and only after the two are combined into the comparison information can the comparison with the first target feature information be performed.
Further, in some embodiments, to improve the accuracy of the final detection result, the first comparison information and the second comparison information also need to be verified when they are combined into the comparison information. In that case, step S103 specifically includes:
1. Check whether the verification information reserved on the first comparison information matches the verification information reserved on the second comparison information.
Specifically, when truncating the package name and signature to obtain the first comparison information and the second comparison information, the developer also reserves verification information on each of them. When the first comparison information and the second comparison information are combined, the verification information reserved on the two is matched to determine whether either has been tampered with, which ensures the accuracy of the final comparison information. For example, a flag bit is set on both the first comparison information and the second comparison information, and at combination time it is verified whether the flag bits on the two match.
2. If they match, combine them to obtain the comparison information.
3. If they do not match, output a message that the comparison information has been tampered with.
In this embodiment, matching verification of the first comparison information against the second comparison information confirms whether either has been tampered with, which ensures that the comparison information finally obtained is accurate. If the comparison information has been tampered with, the target application has also been tampered with, and the comparison between the first target feature information and the comparison information no longer needs to be performed.
Step S104: Compare the first target feature information with the comparison information to obtain a first comparison result, and output and display the first comparison result while feeding it back to the cloud server.
Further, to better protect the user's interests and prevent the user's information from being stolen, this embodiment also includes, after step S104: when the first comparison result confirms that the program of the target application has been tampered with, terminating the target application, then using a preset prohibition program to prevent the target application from starting, and at the same time issuing an alarm message to alert the user.
The mobile terminal application security detection method according to the first embodiment of the present application divides the comparison information used to verify the first target feature information into two segments, one stored in the so library and one stored in the cloud server. With the comparison information stored in segments in this way, even under attack by a virus program only part of the comparison information can be tampered with, and the complete comparison information cannot be tampered with. Therefore, when security detection is performed on the target application, the first comparison information is obtained from the so library and the second comparison information is obtained from the cloud server, and the comparison information formed from the two is compared with the first target feature information to confirm whether the first target feature information has been tampered with, which makes the final verification result accurate. In addition, the preset condition controls the number of times the target application is detected, which reduces the amount of data processing and avoids frequent occupation of resources.
FIG. 2 is a schematic flowchart of the mobile terminal application security detection method according to the second embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the flow shown in FIG. 2. As shown in FIG. 2, the method includes the following steps:
Step S201: When the target application is started, use a preset condition to determine whether to generate an instruction for detecting the target application. If so, execute step S202.
In this embodiment, step S201 in FIG. 2 is similar to step S101 in FIG. 1 and, for brevity, is not described again here.
Step S202: Extract the first target feature information from the target application.
In this embodiment, step S202 in FIG. 2 is similar to step S102 in FIG. 1 and, for brevity, is not described again here.
Step S203: Obtain the first comparison information from the local so library and, at the same time, obtain the second comparison information from the cloud server, where the first comparison information and the second comparison information together form the comparison information.
In this embodiment, step S203 in FIG. 2 is similar to step S103 in FIG. 1 and, for brevity, is not described again here.
Step S204: Compare the first target feature information with the comparison information to obtain a first comparison result, and output and display the first comparison result while feeding it back to the cloud server.
In this embodiment, step S204 in FIG. 2 is similar to step S104 in FIG. 1 and, for brevity, is not described again here.
Step S205: When the target application exchanges data with an external terminal, obtain the first key segment from the so library and, at the same time, obtain the second key segment from the cloud server, where the first key segment and the second key segment together form the key.
Specifically, after developing the target application, the developer divides the key of the target application into two segments: the first key segment is stored in the so library and the second key segment is stored in the cloud server. A virus program therefore cannot directly obtain the complete key, which reduces the possibility of key leakage.
It should be noted that verification information is set in advance on the first key segment and the second key segment, and the verification information of the first key segment matches that of the second key segment. When the first key segment and the second key segment are combined, the verification information of the first key segment is matched against the verification information of the second key segment. If the match succeeds, the first key segment and the second key segment are combined into the key; if the match fails, a message that the key has been tampered with is output.
Step S206: Use the key to encrypt the information to be sent and/or use the key to decrypt the received information.
Step S207: When the target application terminates, delete the key generated by the combination.
Specifically, when the target application terminates, that is, when the user no longer needs to use the target application to exchange information with the external terminal, the previously generated key can be deleted to prevent it from being stolen by a virus program.
On the basis of the first embodiment, the mobile terminal application security detection method according to the second embodiment of the present application stores the key in segments, which makes it difficult for a virus program to obtain the complete key and so protects the data communication between the target application and the external terminal. In addition, the key generated by the combination is deleted promptly when the target application terminates, which prevents a virus program from stealing it and then cracking the target application by decompilation, and improves the protection of the target application.
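The split-and-recombine handling described in step S103 (comparison information) and in steps S205 to S207 (key segments) can share one helper, shown here as an added example that is not code from the application. The function names, the dictionary layout, the in-memory stand-ins for the so library and the cloud server, and the choice of a SHA-256 digest of the whole value as the reserved verification information (the page's own example is a flag bit) are assumptions.

```python
import hashlib
import hmac
from contextlib import contextmanager


class TamperedError(Exception):
    """The two stored segments do not belong together or were modified."""


def split_with_tag(secret: bytes):
    """Developer side: cut a value in two and reserve the same tag on both.

    Assumption: the tag is SHA-256 of the whole value, so it also binds
    the data; the page only requires matching verification information.
    """
    tag = hashlib.sha256(secret).digest()
    mid = len(secret) // 2
    local_seg = {"data": secret[:mid], "tag": tag}   # shipped in the so library
    cloud_seg = {"data": secret[mid:], "tag": tag}   # held by the cloud server
    return local_seg, cloud_seg


def combine_verified(local_seg, cloud_seg) -> bytearray:
    """Device side: match the reserved tags, recombine, re-check the data."""
    if not hmac.compare_digest(local_seg["tag"], cloud_seg["tag"]):
        raise TamperedError("verification information does not match")
    whole = bytearray(local_seg["data"] + cloud_seg["data"])
    if not hmac.compare_digest(hashlib.sha256(whole).digest(), cloud_seg["tag"]):
        raise TamperedError("segment data does not match its tag")
    return whole


def check_app(observed_pkg: bytes, observed_sig: bytes,
              local_store, cloud_store) -> str:
    """Steps S103/S104: rebuild the comparison information, then compare."""
    try:
        pkg = combine_verified(local_store["pkg"], cloud_store["pkg"])
        sig = combine_verified(local_store["sig"], cloud_store["sig"])
    except TamperedError:
        return "comparison information tampered"
    same_pkg = hmac.compare_digest(bytes(pkg), observed_pkg)
    same_sig = hmac.compare_digest(bytes(sig), observed_sig)
    return "match" if same_pkg and same_sig else "target application tampered"


@contextmanager
def session_key(local_seg, cloud_seg):
    """Steps S205-S207: the combined key exists only for the session."""
    key = combine_verified(local_seg, cloud_seg)
    try:
        yield key
    finally:
        for i in range(len(key)):   # overwrite in place on termination
            key[i] = 0
        # Best effort only: the temporary bytes object created while
        # concatenating the segments is immutable and is not wiped here.


def build_stores(pkg: bytes, sig: bytes):
    """Split package name and signature separately, as the page describes."""
    pkg_local, pkg_cloud = split_with_tag(pkg)
    sig_local, sig_cloud = split_with_tag(sig)
    return ({"pkg": pkg_local, "sig": sig_local},
            {"pkg": pkg_cloud, "sig": sig_cloud})


# Constructed sample values, not taken from any real application.
SAMPLE_PKG = b"com.example.bank"
SAMPLE_SIG = hashlib.sha256(b"constructed signing certificate").digest()
SAMPLE_KEY = bytes(range(32))
LOCAL_STORE, CLOUD_STORE = build_stores(SAMPLE_PKG, SAMPLE_SIG)

if __name__ == "__main__":
    print(check_app(SAMPLE_PKG, SAMPLE_SIG, LOCAL_STORE, CLOUD_STORE))
    repackaged_sig = hashlib.sha256(b"constructed other certificate").digest()
    print(check_app(SAMPLE_PKG, repackaged_sig, LOCAL_STORE, CLOUD_STORE))
```

Changing only the local segment, with or without a recomputed tag, makes `combine_verified` fail, because the cloud-side tag still commits to the original whole value.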
FIG. 3 is a schematic flowchart of the mobile terminal application security detection method according to the third embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the flow shown in FIG. 3. As shown in FIG. 3, the method includes the following steps:
Step S301: When the target application is started, use a preset condition to determine whether to generate an instruction for detecting the target application. If so, execute step S302.
In this embodiment, step S301 in FIG. 3 is similar to step S101 in FIG. 1 and, for brevity, is not described again here.
Step S302: Extract second target feature information from the target application, where the second target feature information includes name and picture information that exists in the target application and is fixed.
Specifically, the second target feature information includes name and picture information that exists in the target application and is fixed. The name information can be fixed names such as the name of the target application or the names of modules in the target application, and the picture information can be the logo of the target application, pictures on the pages of the target application, and so on. It should be noted that, because the volume of resource names and pictures in the target application is large, this embodiment extracts the second target feature information by random sampling and does not need to obtain all of the second target feature information.
Step S303: Send the second target feature information to the cloud server, and use the cloud server to perform big-data comparison analysis on the second target feature information and obtain a second comparison result.
Specifically, the second target feature information is uploaded to the cloud server, and the cloud server performs big-data comparison analysis on the second target feature information to obtain a third comparison result. When comparing and analyzing the second target feature information, the cloud server mainly compares it against the resource names and pictures of each version of the target application. For the comparison, it first needs to obtain the current version number of the target application on the mobile terminal, then obtains the resource names and pictures corresponding to that version number, and then compares them with the second target feature information.
Step S304: Receive the second comparison result fed back by the cloud server.
Specifically, after the second comparison result is obtained, the cloud server saves it. In addition, the second comparison result needs to be synchronized to the mobile terminal to inform the user of the outcome of the comparison.
The mobile terminal application security detection method according to the third embodiment of the present application randomly samples part of the second target feature information and uploads it to the cloud server, has the cloud server perform big-data analysis and comparison on it, and then obtains the resulting second comparison result. The data analysis and comparison do not need to be completed on the mobile terminal itself, which reduces resource occupation. At the same time, the data in the cloud server is difficult to tamper with, so comparison by the cloud server gives a more accurate comparison result.
FIG. 4 is a schematic flowchart of the mobile terminal application security detection method according to the fourth embodiment of the present application. It should be noted that, provided substantially the same result is obtained, the method of the present application is not limited to the sequence of the flow shown in FIG. 4. As shown in FIG. 4, the method includes the following steps:
Step S401: Receive the core code program issued by the cloud server.
Specifically, the core code program refers to very important code in the target application, for example the code that implements the "payment function". In this embodiment, detection can also be performed using the core code program of the target application. Existing virus programs mainly tamper with the core program of the target application for profit. For example, by tampering with the core program corresponding to the "payment function" of the target application, the user's payment information in the target application is stolen and the user suffers a loss. This embodiment can therefore also perform detection on the core program of the target application. The frequency at which the cloud server issues the core code program is set by the developer, and it can be issued once per preset time interval.
Step S402: Extract third target feature information from the target application, where the third target feature information includes the code program to be detected in the target application that corresponds to the core code program.
Specifically, the third target feature information is the segment of code in the target application that is to be detected and that corresponds to the core code program.
Step S403: Compare the core code program with the third target feature information to obtain a third comparison result, and output and display the third comparison result while feeding it back to the cloud server.
The mobile terminal application security detection method according to the fourth embodiment of the present application identifies, in the target application, the third target feature information corresponding to the core code program issued by the cloud server, where the third target feature information is the code program to be detected. It then compares the third target feature information with the core code program to obtain a third comparison result and confirms from the third comparison result whether the target application has been tampered with. The method takes advantage of the mindset of hackers who crack target applications by directing detection at the core program, which improves the accuracy of the final detection result.
Further, in some embodiments, after the first comparison result, the second comparison result or the third comparison result is obtained, the method further includes: uploading the first comparison result, the second comparison result or the third comparison result to a blockchain.
Specifically, corresponding summary (digest) information is obtained from the first comparison result, the second comparison result or the third comparison result. The summary information is obtained by hashing the comparison result, for example with the SHA-256 algorithm. Uploading the summary information to the blockchain ensures its security and its fairness and transparency to users. The user equipment can download the summary information from the blockchain in order to verify whether the first comparison result, the second comparison result or the third comparison result has been tampered with. The blockchain referred to in this example is a new application mode of computer technologies such as distributed data storage, point-to-point transmission, consensus mechanisms and encryption algorithms. A blockchain is essentially a decentralized database: a chain of data blocks generated and linked by cryptographic methods, in which each data block contains information about a batch of network transactions and is used to verify the validity of that information (anti-counterfeiting) and to generate the next block. A blockchain may include an underlying blockchain platform, a platform product service layer and an application service layer.
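The comparison in step S403 and the digest-based check described above can be exercised together as follows. This is an added example, not code from the patent: the digest-based comparison, the canonical JSON encoding, the in-memory `Ledger` (a stand-in for the blockchain) and all names and sample bytes are assumptions.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # previous-hash value used for the first block


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def compare_core_code(core_code: bytes, code_under_test: bytes) -> dict:
    """Step S403: compare the cloud-issued core code with the app's copy.

    Assumption: the comparison is made on SHA-256 digests of the two byte
    strings; the page does not say how the comparison is carried out.
    """
    expected = sha256_hex(core_code)
    observed = sha256_hex(code_under_test)
    return {
        "check": "core_code",
        "expected_sha256": expected,
        "observed_sha256": observed,
        "tampered": not hmac.compare_digest(expected, observed),
    }


def result_digest(result: dict) -> str:
    """Summary information: SHA-256 over a canonical JSON encoding."""
    canonical = json.dumps(result, sort_keys=True, separators=(",", ":"))
    return sha256_hex(canonical.encode("utf-8"))


class Ledger:
    """In-memory append-only hash chain (hypothetical blockchain stand-in)."""

    def __init__(self):
        self.blocks = []

    def append(self, digest: str) -> int:
        prev = self.blocks[-1]["block_hash"] if self.blocks else GENESIS
        block_hash = sha256_hex((prev + digest).encode("ascii"))
        self.blocks.append({"prev": prev, "digest": digest, "block_hash": block_hash})
        return len(self.blocks) - 1

    def is_consistent(self) -> bool:
        """Recompute every link; any edited block breaks the chain."""
        prev = GENESIS
        for block in self.blocks:
            recomputed = sha256_hex((prev + block["digest"]).encode("ascii"))
            if block["prev"] != prev or block["block_hash"] != recomputed:
                return False
            prev = block["block_hash"]
        return True


def result_is_untampered(result: dict, ledger: Ledger, index: int) -> bool:
    """User-equipment check: recompute the digest and compare with the ledger."""
    if not ledger.is_consistent():
        return False
    return hmac.compare_digest(result_digest(result), ledger.blocks[index]["digest"])


# Constructed sample data standing in for the "payment function" code.
CORE_CODE = b"def pay(amount, account): return gateway.charge(account, amount)"
PATCHED_CODE = b"def pay(amount, account): return gateway.charge(other_account, amount)"


def demo() -> dict:
    ledger = Ledger()
    clean = compare_core_code(CORE_CODE, CORE_CODE)
    dirty = compare_core_code(CORE_CODE, PATCHED_CODE)
    i_clean = ledger.append(result_digest(clean))
    i_dirty = ledger.append(result_digest(dirty))
    forged = dict(dirty, tampered=False)  # a result rewritten after the fact
    return {
        "clean_tampered": clean["tampered"],
        "dirty_tampered": dirty["tampered"],
        "clean_verifies": result_is_untampered(clean, ledger, i_clean),
        "forged_verifies": result_is_untampered(forged, ledger, i_dirty),
    }


if __name__ == "__main__":
    print(demo())
```

The digest only shows that a stored result differs from what was recorded; it says nothing about whether the terminal that produced the result was itself trustworthy.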
FIG. 5 is a schematic diagram of the functional modules of a mobile terminal application security detection system according to an embodiment of the present application. As shown in FIG. 5, the mobile terminal application security detection system 50 includes a first judgment module 51, a first extraction module 52, an acquisition module 53 and a first comparison module 54.
The first judgment module 51 is configured to use a preset condition, when the target application is started, to judge whether to generate an instruction for detecting the target application.
The first extraction module 52 is configured to extract first target feature information from the target application when the instruction for detecting the target application is generated, where the first target feature information includes feature information for identifying and distinguishing the target application.
The acquisition module 53 is configured to obtain first comparison information from the local so library and at the same time obtain second comparison information from the cloud server, the first comparison information and the second comparison information together forming the comparison information.
The first comparison module 54 is configured to compare the first target feature information with the comparison information to obtain a first comparison result, output and display the first comparison result, and at the same time feed it back to the cloud server.
Optionally, the operation in which the first judgment module 51 uses a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application may also be: when the target application is started, obtaining the time interval between the last detection time of the target application and the current time; and when the time interval exceeds a preset threshold, generating the instruction for detecting the target application.
Optionally, the operation in which the first judgment module 51 uses a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application may also be: when the target application is started, executing a preset random program to obtain a random result, the random result being either to detect the target application or not to detect the target application; and if the random result is to detect the target application, generating the instruction for detecting the target application.
Optionally, the operation in which the acquisition module 53 forms the comparison information from the first comparison information and the second comparison information may also be: detecting whether the verification information reserved on the first comparison information matches the verification information reserved on the second comparison information; if they match, combining the two to obtain the comparison information; and if they do not match, outputting a message that the comparison information has been tampered with.
Optionally, after obtaining the first comparison result, the first comparison module 54 is further configured to: when the target application exchanges data with an external terminal, obtain a first key segment from the so library and at the same time obtain a second key segment from the cloud server, the first key segment and the second key segment forming a key; encrypt information to be sent with the key and/or decrypt received information with the key; and when the target application terminates, delete the key generated by the combination.
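The verification-information check described for acquisition module 53, followed by the first comparison, as an added example (not code from the patent). The page does not define the reserved verification information; here it is assumed to be the SHA-256 digest of the complete comparison information stored with each part, and the digest check on the combined data, all names and the sample values are likewise assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass


class ComparisonInfoTampered(Exception):
    """Raised when the two parts of the comparison information disagree."""


@dataclass(frozen=True)
class ComparisonPart:
    payload: bytes       # this holder's share of the comparison information
    verification: str    # reserved verification information (assumed format)


def split_comparison_info(reference: bytes, cut: int):
    """Provisioning side: split the reference and tag both parts.

    Assumption: the tag is the SHA-256 digest of the complete comparison
    information, so each part is bound to the exact whole it came from.
    """
    tag = hashlib.sha256(reference).hexdigest()
    return ComparisonPart(reference[:cut], tag), ComparisonPart(reference[cut:], tag)


def combine_comparison_info(local: ComparisonPart, cloud: ComparisonPart) -> bytes:
    # Check from the page: verification information on both parts must match.
    if not hmac.compare_digest(local.verification, cloud.verification):
        raise ComparisonInfoTampered("verification information does not match")
    combined = local.payload + cloud.payload
    # Added check (not on the page): the combined data must hash to the tag,
    # which catches a replaced payload that kept the original tag.
    actual = hashlib.sha256(combined).hexdigest()
    if not hmac.compare_digest(actual, cloud.verification):
        raise ComparisonInfoTampered("combined information fails its digest")
    return combined


def first_comparison(first_target_feature: bytes,
                     local: ComparisonPart, cloud: ComparisonPart) -> str:
    """Combine both parts, then compare them with the app's feature data."""
    try:
        reference = combine_comparison_info(local, cloud)
    except ComparisonInfoTampered as exc:
        return f"comparison information tampered: {exc}"
    if hmac.compare_digest(first_target_feature, reference):
        return "target application intact"
    return "target application tampered"


# Constructed sample: package name plus a made-up signer fingerprint.
REFERENCE = b"package=com.example.wallet;signer_sha256=" + b"ab" * 32
LOCAL_PART, CLOUD_PART = split_comparison_info(REFERENCE, 20)

if __name__ == "__main__":
    print(first_comparison(REFERENCE, LOCAL_PART, CLOUD_PART))
    # Local part rewritten on the device while keeping the original tag.
    swapped = ComparisonPart(b"package=org.other.ap", LOCAL_PART.verification)
    print(first_comparison(REFERENCE, swapped, CLOUD_PART))
```

A local part that is replaced together with a freshly computed tag fails the first check, because the cloud-held tag is outside the device's control.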
FIG. 6 is a schematic diagram of the functional modules of a mobile terminal application security detection system according to an embodiment of the present application. As shown in FIG. 6, the mobile terminal application security detection system 60 includes a second judgment module 61, a second extraction module 62, a sending module 63 and a first receiving module 64.
The second judgment module 61 is configured to use a preset condition, when the target application is started, to judge whether to generate an instruction for detecting the target application.
The second extraction module 62 is configured to extract second target feature information from the target application when the instruction for detecting the target application is generated, where the second target feature information includes name and picture information that exists in the target application and is fixed.
The sending module 63 is configured to send the second target feature information to the cloud server, so that the cloud server performs big data comparison analysis on the second target feature information and obtains a second comparison result.
The first receiving module 64 is configured to receive the second comparison result fed back by the cloud server.
FIG. 7 is a schematic diagram of the functional modules of a mobile terminal application security detection system according to an embodiment of the present application. As shown in FIG. 7, the mobile terminal application security detection system 70 includes a second receiving module 71, a third extraction module 72 and a second comparison module 73.
The second receiving module 71 is configured to receive the core code program issued by the cloud server.
The third extraction module 72 is configured to extract third target feature information from the target application, where the third target feature information includes the code program to be detected that corresponds to the core code program in the target application.
The second comparison module 73 is configured to compare the core code program with the third target feature information to obtain a third comparison result, output and display the third comparison result, and at the same time feed it back to the cloud server.
For other details of how the modules of the mobile terminal application security detection system in the above embodiments implement the technical solution, refer to the description of the mobile terminal application security detection method in the above embodiments; they are not repeated here.
It should be noted that the embodiments in this specification are described in a progressive manner. Each embodiment focuses on its differences from the other embodiments, and for the parts that are the same or similar the embodiments may be referred to one another. Because the system embodiments are basically similar to the method embodiments, they are described relatively briefly; for the relevant parts, refer to the description of the method embodiments.
Please refer to FIG. 8, which is a schematic structural diagram of a terminal according to an embodiment of the present application. As shown in FIG. 8, the terminal 80 includes a processor 81 and a memory 82 coupled to the processor 81.
The memory 82 stores program instructions for implementing the mobile terminal application security detection method described in any of the foregoing embodiments.
The processor 81 is configured to execute the program instructions stored in the memory 82 to perform security detection on the mobile terminal application.
The processor 81 may also be referred to as a CPU (Central Processing Unit). The processor 81 may be an integrated circuit chip with signal processing capability. The processor 81 may also be a general-purpose processor, a digital signal processor (DSP), an application-specific integrated circuit (ASIC), a field-programmable gate array (FPGA) or other programmable logic device, a discrete gate or transistor logic device, or a discrete hardware component. The general-purpose processor may be a microprocessor or any conventional processor.
Refer to FIG. 9, which is a schematic structural diagram of a storage medium according to an embodiment of the present application. The storage medium of this embodiment stores a program file 91 capable of implementing all of the above methods. The program file 91 may be stored in the storage medium in the form of a software product and includes several instructions that cause a computer device (which may be a personal computer, a server, a network device or the like) or a processor to execute all or some of the steps of the methods described in the embodiments of the present application. The aforementioned storage medium includes various media that can store program code, such as a USB flash drive, a removable hard disk, read-only memory (ROM), random access memory (RAM), a magnetic disk or an optical disc, or terminal devices such as computers, servers, mobile phones and tablets. The storage medium may be non-volatile or volatile.
In the several embodiments provided in this application, it should be understood that the disclosed system, terminal and method may be implemented in other ways. For example, the system embodiments described above are only illustrative: the division into units is only a division by logical function, and other divisions are possible in an actual implementation. For example, multiple units or components may be combined or integrated into another system, or some features may be omitted or not executed. In addition, the mutual coupling, direct coupling or communication connection shown or discussed may be an indirect coupling or communication connection through some interfaces, devices or units, and may be electrical, mechanical or of another form.
In addition, the functional units in the embodiments of the present application may be integrated into one processing unit, each unit may exist physically on its own, or two or more units may be integrated into one unit. The integrated unit may be implemented in the form of hardware or in the form of a software functional unit.
The above are only embodiments of the present application and do not thereby limit the patent scope of the present application. Any equivalent structure or equivalent process transformation made using the contents of the description and drawings of the present application, or any direct or indirect application in other related technical fields, is likewise included in the scope of patent protection of the present application.

Claims (20)

1. A mobile terminal application security detection method, comprising:
when a target application is started, using a preset condition to judge whether to generate an instruction for detecting the target application;
if so, extracting first target feature information from the target application, the first target feature information including feature information for identifying and distinguishing the target application;
obtaining first comparison information from a local so library and at the same time obtaining second comparison information from a cloud server, the first comparison information and the second comparison information forming comparison information; and
comparing the first target feature information with the comparison information to obtain a first comparison result, outputting and displaying the first comparison result, and at the same time feeding it back to the cloud server.
2. The mobile terminal application security detection method according to claim 1, wherein using a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application comprises:
when the target application is started, obtaining the time interval between the last detection time of the target application and the current time; and
when the time interval exceeds a preset threshold, generating the instruction for detecting the target application.
3. The mobile terminal application security detection method according to claim 1, wherein using a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application comprises:
when the target application is started, executing a preset random program to obtain a random result, the random result being either to detect the target application or not to detect the target application; and
if the random result is to detect the target application, generating the instruction for detecting the target application.
4. The mobile terminal application security detection method according to claim 1, wherein the first comparison information and the second comparison information forming the comparison information comprises:
detecting whether the verification information reserved on the first comparison information matches the verification information reserved on the second comparison information;
if they match, combining them to obtain the comparison information; and
if they do not match, outputting a message that the comparison information has been tampered with.
5. The mobile terminal application security detection method according to claim 1, wherein after the first comparison result is obtained, the method further comprises:
when the target application exchanges data with an external terminal, obtaining a first key segment from the so library and at the same time obtaining a second key segment from the cloud server, the first key segment and the second key segment forming a key;
encrypting information to be sent with the key and/or decrypting received information with the key; and
when the target application terminates, deleting the key generated by the combination.
6. A mobile terminal application security detection method, comprising:
when a target application is started, using a preset condition to judge whether to generate an instruction for detecting the target application;
if so, extracting second target feature information from the target application, the second target feature information including name and picture information that exists in the target application and is fixed;
sending the second target feature information to the cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information and obtain a second comparison result; and
receiving the second comparison result fed back by the cloud server.
7. A mobile terminal application security detection method, comprising:
receiving a core code program issued by the cloud server;
extracting third target feature information from the target application, the third target feature information including the code program to be detected that corresponds to the core code program in the target application; and
comparing the core code program with the third target feature information to obtain a third comparison result, outputting and displaying the third comparison result, and at the same time feeding it back to the cloud server.
8. A mobile terminal application security detection system, comprising:
a first judgment module, configured to use a preset condition, when a target application is started, to judge whether to generate an instruction for detecting the target application;
a first extraction module, configured to extract first target feature information from the target application when the instruction for detecting the target application is generated;
an acquisition module, configured to obtain first comparison information from a local so library and at the same time obtain second comparison information from a cloud server, the first comparison information and the second comparison information forming comparison information; and
a first comparison module, configured to compare the first target feature information with the comparison information to obtain a first comparison result, output and display the first comparison result, and at the same time feed it back to the cloud server.
9. A terminal, wherein the terminal comprises a processor and a memory coupled to the processor, the memory storing a program file that can run on the processor, and wherein the processor implements the following steps when executing the program file:
when a target application is started, using a preset condition to judge whether to generate an instruction for detecting the target application;
if so, extracting first target feature information from the target application, the first target feature information including feature information for identifying and distinguishing the target application;
obtaining first comparison information from a local so library and at the same time obtaining second comparison information from a cloud server, the first comparison information and the second comparison information forming comparison information; and
comparing the first target feature information with the comparison information to obtain a first comparison result, outputting and displaying the first comparison result, and at the same time feeding it back to the cloud server.
10. The terminal according to claim 9, wherein using a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application comprises:
when the target application is started, obtaining the time interval between the last detection time of the target application and the current time; and
when the time interval exceeds a preset threshold, generating the instruction for detecting the target application.
11. The terminal according to claim 9, wherein using a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application comprises:
when the target application is started, executing a preset random program to obtain a random result, the random result being either to detect the target application or not to detect the target application; and
if the random result is to detect the target application, generating the instruction for detecting the target application.
12. The terminal according to claim 9, wherein after the first comparison result is obtained, the steps further comprise:
when the target application exchanges data with an external terminal, obtaining a first key segment from the so library and at the same time obtaining a second key segment from the cloud server, the first key segment and the second key segment forming a key;
encrypting information to be sent with the key and/or decrypting received information with the key; and
when the target application terminates, deleting the key generated by the combination.
13. A terminal, wherein the terminal comprises a processor and a memory coupled to the processor, the memory storing a program file that can run on the processor, and wherein the processor implements the following steps when executing the program file:
when a target application is started, using a preset condition to judge whether to generate an instruction for detecting the target application;
if so, extracting second target feature information from the target application, the second target feature information including name and picture information that exists in the target application and is fixed;
sending the second target feature information to the cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information and obtain a second comparison result; and
receiving the second comparison result fed back by the cloud server.
14. A terminal, wherein the terminal comprises a processor and a memory coupled to the processor, the memory storing a program file that can run on the processor, and wherein the processor implements the following steps when executing the program file:
receiving a core code program issued by the cloud server;
extracting third target feature information from the target application, the third target feature information including the code program to be detected that corresponds to the core code program in the target application; and
comparing the core code program with the third target feature information to obtain a third comparison result, outputting and displaying the third comparison result, and at the same time feeding it back to the cloud server.
15. A storage medium storing a program file capable of implementing a mobile terminal application security detection method, wherein the program file implements the following steps when executed by a processor:
when a target application is started, using a preset condition to judge whether to generate an instruction for detecting the target application;
if so, extracting first target feature information from the target application, the first target feature information including feature information for identifying and distinguishing the target application;
obtaining first comparison information from a local so library and at the same time obtaining second comparison information from a cloud server, the first comparison information and the second comparison information forming comparison information; and
comparing the first target feature information with the comparison information to obtain a first comparison result, outputting and displaying the first comparison result, and at the same time feeding it back to the cloud server.
16. The storage medium according to claim 15, wherein using a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application comprises:
when the target application is started, obtaining the time interval between the last detection time of the target application and the current time; and
when the time interval exceeds a preset threshold, generating the instruction for detecting the target application.
17. The storage medium according to claim 15, wherein using a preset condition, when the target application is started, to judge whether to generate the instruction for detecting the target application comprises:
when the target application is started, executing a preset random program to obtain a random result, the random result being either to detect the target application or not to detect the target application; and
if the random result is to detect the target application, generating the instruction for detecting the target application.
18. The storage medium according to claim 15, wherein after the first comparison result is obtained, the steps further comprise:
when the target application exchanges data with an external terminal, obtaining a first key segment from the so library and at the same time obtaining a second key segment from the cloud server, the first key segment and the second key segment forming a key;
encrypting information to be sent with the key and/or decrypting received information with the key; and
when the target application terminates, deleting the key generated by the combination.
19、一种存储介质,其中,存储有能够实现移动终端应用程序安全检测方法的程序文件,所述程序文件被处理器执行时实现以下步骤:19. A storage medium, wherein a program file capable of implementing a mobile terminal application security detection method is stored, and when the program file is executed by a processor, the following steps are implemented:
当目标应用启动时,利用预设条件判断是否生成检测所述目标应用的指令;When the target application is started, use a preset condition to determine whether to generate an instruction to detect the target application;
若是,则从所述目标应用中提取出第二目标特征信息,所述第二目标特征信息包括所述目标应用中存在且固定不变的名称和图片信息;If so, extract second target feature information from the target application, where the second target feature information includes the fixed name and picture information existing in the target application;
将所述第二目标特征信息发送至所述云服务器中,利用所述云服务器对所述第二目标特征信息进行大数据比对分析且得到第二比对结果;Sending the second target feature information to the cloud server, and using the cloud server to perform big data comparison analysis on the second target feature information and obtain a second comparison result;
接收所述云服务器反馈的第二比对结果。A second comparison result fed back by the cloud server is received.
20、一种存储介质,其中,存储有能够实现移动终端应用程序安全检测方法的程序文件,所述程序文件被处理器执行时实现以下步骤:20. A storage medium, wherein a program file capable of implementing a mobile terminal application security detection method is stored, and when the program file is executed by a processor, the following steps are implemented:
接收由所述云服务器下发的核心代码程序;receiving the core code program issued by the cloud server;
从所述目标应用中提取第三目标特征信息,所述第三目标特征信息包括所述目标应用中与所述核心代码程序对应的待检测代码程序;Extracting third target feature information from the target application, where the third target feature information includes a code program to be detected corresponding to the core code program in the target application;
将所述核心代码程序与所述第三目标特征信息进行比对,得到第三比对结果,并将所述第三比对结果输出显示且同时反馈给所述云服务器。The core code program is compared with the third target feature information to obtain a third comparison result, and the third comparison result is output and displayed and fed back to the cloud server at the same time.
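The key handling recited in claim 18 (one segment from the so library, one from the cloud server, combined for use and deleted when the application terminates) can be sketched in C as follows. This is an added example, not code from the patent: the 32-byte key size, the equal-length segments, joining them by concatenation, and all function and type names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define KEY_LEN 32            /* assumed total key size */
#define SEG_LEN (KEY_LEN / 2) /* assumed: each source supplies one half */

typedef struct {
    uint8_t bytes[KEY_LEN];
    int     ready;            /* 1 only while a complete key is held */
} session_key;

/* Overwrite through a volatile pointer so the compiler cannot
 * remove the wipe as a dead store. */
static void secure_wipe(void *p, size_t n) {
    volatile uint8_t *v = (volatile uint8_t *)p;
    while (n--) *v++ = 0;
}

/* Build the key from the segment held in the native library and the
 * segment fetched from the server (joined by concatenation, which is an
 * assumption of this sketch). Returns 0 on success, -1 if either segment
 * is missing or has the wrong length; on failure no partial key remains. */
int key_assemble(session_key *k,
                 const uint8_t *lib_seg, size_t lib_len,
                 const uint8_t *srv_seg, size_t srv_len) {
    if (!k) return -1;
    secure_wipe(k, sizeof *k);
    if (!lib_seg || !srv_seg || lib_len != SEG_LEN || srv_len != SEG_LEN)
        return -1;
    memcpy(k->bytes, lib_seg, SEG_LEN);
    memcpy(k->bytes + SEG_LEN, srv_seg, SEG_LEN);
    k->ready = 1;
    return 0;
}

/* Call from the application's termination path. */
void key_destroy(session_key *k) {
    if (k) secure_wipe(k, sizeof *k);
}

/* Returns 1 if every key byte is zero and the key is marked not ready. */
int key_is_cleared(const session_key *k) {
    uint8_t acc = 0;
    for (size_t i = 0; i < KEY_LEN; i++) acc |= k->bytes[i];
    return acc == 0 && k->ready == 0;
}
```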
PCT/CN2021/090494 2020-10-09 2021-04-28 Mobile terminal application security detection method and system, terminal, and storage medium WO2022073340A1 (en)

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
CN202011073608.9A CN112199644A (en) 2020-10-09 2020-10-09 Mobile terminal application program safety detection method, system, terminal and storage medium
CN202011073608.9 2020-10-09

Publications (1)

Publication Number Publication Date
WO2022073340A1 (en) 2022-04-14

Family

ID=74012685

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/CN2021/090494 WO2022073340A1 (en) 2020-10-09 2021-04-28 Mobile terminal application security detection method and system, terminal, and storage medium

Country Status (2)

Country Link
CN (1) CN112199644A (en)
WO (1) WO2022073340A1 (en)

Also Published As

Publication number Publication date
CN112199644A (en) 2021-01-08

Legal Events

Date Code Title Description
121 EP: the EPO has been informed by WIPO that EP was designated in this application
Ref document number: 21876863
Country of ref document: EP
Kind code of ref document: A1

NENP Non-entry into the national phase
Ref country code: DE

122 EP: PCT application non-entry in European phase
Ref document number: 21876863
Country of ref document: EP
Kind code of ref document: A1