WO2023024928A1

WO2023024928A1 - Detection method and apparatus for application program, and device

Info

Publication number: WO2023024928A1
Application number: PCT/CN2022/111956
Authority: WO
Inventors: 张述; 孙靓; 朱小龙
Original assignee: 花瓣云科技有限公司
Priority date: 2021-08-24
Filing date: 2022-08-12
Publication date: 2023-03-02
Also published as: CN115720144A

Abstract

Provided in the embodiments of the present application are a detection method and apparatus for an application program, and a device. The method comprises: during the running process of a first application program to be subjected to detection, acquiring M messages that are sent by a terminal device by means of the first application program; determining an identification result of each message, wherein the identification result of each message is used for indicating whether the sending place and receiving place of the message are located in the same geographic area, and/or whether there is user information in the message; and according to the identification results of the M message, generating a program detection result corresponding to the first application program. During the process, a program detection result of an application program is obtained by means of analyzing messages that are actually sent by the application program during a running process, and therefore the accuracy of the program detection result is improved.

Description

Application detection method, device and equipment

This application claims the priority of the Chinese patent application with the application number 202110977670.9 and the application title "Applied Program Detection Method, Apparatus and Equipment" submitted to the China Patent Office on August 24, 2021, the entire contents of which are incorporated herein by reference. Applying.

technical field

The present application relates to the technical field of information security, and in particular to a detection method, device and equipment of an application program.

Background technique

With the rapid development of information technology, the current society pays more and more attention to users' privacy rights. Many laws and regulations require applications to protect users' privacy rights. Exemplarily, some regulations restrict the cross-border transmission of user information.

In order to realize the supervision of the application program, a method for detecting the application program is needed to detect whether the application program transmits user information across borders. In related technologies, the detection may be implemented by parsing the installation package of the application program. Specifically, the installation package of the application program is reversely analyzed (for example, decompiled) to obtain the source code. Through static analysis of the source code, determine whether the application will transfer user data across borders.

However, the accuracy of the detection results of the above detection methods is not high.

Contents of the invention

Embodiments of the present application provide an application program detection method, device, and equipment, so as to improve the accuracy of application program detection results.

In the first aspect, the embodiment of the present application provides a method for detecting an application program. The method for detecting an application program may be executed by a terminal device, a processor in a terminal device, a chip, etc., or may be performed by a server, a processor in a server, or a Chips, etc. can also be executed interactively by terminal devices and servers. The following takes the execution subject as a server as an example for illustration.

In the method for detecting an application program, the first application program to be detected runs in the terminal device. During the running of the first application program to be detected, the server acquires M messages sent by the terminal device through the first application program, where M is an integer greater than or equal to 1; wherein, each message may correspond to the first A network request sent by an application program to its corresponding application server. Each message indicates the target data to be transmitted by the first application program, and the target network address to which the target data is to be transmitted. The server determines the identification result of each message, and the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message; Generate a program detection result corresponding to the first application program according to the identification results of the M messages.

Optionally, the geographical area is an area corresponding to a country.

The identification results of M messages may have the following situations:

Case 1: The identification result of each message in the M messages indicates that the sending location and the receiving location of the message are located in the same geographical area, and there is no user information in the message. That is to say, none of the M messages transmits user information across geographic regions. In this case, it may be determined that the program detection result corresponding to the first application program is normal.

Case 2: The identification result of the first message among the M messages indicates that the sending location and the receiving location of the message are not located in the same geographical area. That is to say, among the M messages, there are messages transmitted across geographic regions. In this case, it may be determined that the program detection result of the first application program is abnormal.

Case 3: The identification result that the first message exists in the M messages indicates that the user information exists in the message. That is to say, there is a message transmitting user information among the M messages. In this case, it may be determined that the program detection result of the first application program is abnormal.

Situation 4: The identification result of the first message among the M messages indicates that the sending location and the receiving location of the message are not located in the same geographical area, and user information exists in the message. That is to say, among the M messages, there are messages for transmitting user information across geographic regions. In this case, it may be determined that the program detection result of the first application program is abnormal.

In a possible implementation manner, if the program detection result is abnormal, the program detection result may include an abnormal level. For example, the abnormal levels corresponding to the above-mentioned cases 2 and 3 are slight. The exception level corresponding to the above case 4 is the severity level.

In another possible implementation manner, if the program detection result is abnormal, the program detection result may include the cause of the abnormality. For example, the abnormal cause corresponding to the above case 2 is "cross-geographical region transmission", the above-mentioned case 3 corresponds to "transmission of user information", and the above-mentioned case 4 corresponds to "transmission of user information across geographical regions". Optionally, the reason for the above abnormality may be represented by text or an identification code.

In the embodiment of the present application, since the program detection result of the application program is obtained by analyzing the message actually sent by the application program during the running process, the accuracy of the program detection result is guaranteed.

In a possible implementation, when the application detection method is applied to a server; the first application includes service interfaces corresponding to K geographical areas, and the server is provided with an agent corresponding to each service interface interface, the K is an integer greater than or equal to 1; the server can obtain M messages in the following manner: for each service interface, through the proxy interface corresponding to the service interface, obtain the The at least one message sent.

In actual application scenarios, when terminal devices are located in different countries, they send messages through different service interfaces. Therefore, when detecting the first application program, if it is necessary to detect service interfaces corresponding to multiple countries, it is necessary to obtain messages sent through multiple service interfaces. In the first way, terminal devices located in different countries can be used for detection. In the second way, you can use a terminal device to change the location of the terminal device by piling and burying the terminal device, and simulate the scene where the terminal device is located in different countries, so as to complete the multiple service interfaces. detection process. In the above-mentioned second method, one terminal device is used, and the detection of all service interfaces of the first application program can be completed without the country where the mobile terminal device is located, which ensures that the detection process covers the service country comprehensively, and The detection efficiency is improved.

In the above implementation manner, the way the terminal device sends the message through the first application program may be that the user operates the first application program to trigger the first application program to send a message, or the first application program may be controlled by an automatic test script The program sends the message, which is not limited in this embodiment.

In the above implementation manner, when there are multiple geographical areas that the first application program can serve, the service interface of each geographical area can be detected separately. On the one hand, the comprehensiveness of the detection results is guaranteed; The detection efficiency is improved.

In a possible implementation, the server may generate the program detection result of the first application program in the following manner: for each service interface, according to the identification result of the at least one message sent through the service interface, determine the The interface detection result corresponding to the service interface; according to the interface detection results corresponding to the K service interfaces, the program detection result corresponding to the first application program is generated, and the program detection result corresponding to the first application program includes the K The interface detection result corresponding to the service interface.

In the above implementation manner, for each service interface, the interface detection result corresponding to the service interface is determined, and the interface detection result corresponding to each service interface is included in the application program detection result, so that the detection result is more refined, so that the user according to The results of the program detection can intuitively know which service interface is abnormal.

In a possible implementation manner, the server may determine the interface detection result corresponding to the service interface in the following manner: if the identification result of each message in the at least one message indicates the sending location and receiving location of the message Located in the same geographical area, and there is no user information in the message, then determine that the interface detection result indicates that there is no abnormality in the service interface; if the identification result of the first message in the at least one message indicates that the If the sending location and the receiving location of the message are not located in the same geographical area, and/or, user information exists in the message, then it is determined that the interface detection result indicates that the service interface is abnormal.

Optionally, when there is an exception in the service interface, the interface detection result corresponding to the service interface may include: an exception level. Optionally, if there is an exception in the service interface, the interface detection result corresponding to the service interface may include: the cause of the exception. In this way, the program detection result is more refined.

In a possible implementation manner, the identification result of each message includes a first identification result, and the first identification result is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area; for the M For any one of the messages, the first identification result of the message may be determined in the following manner: determine the geographical area to which the sending location of the message belongs, and the geographical area to which the receiving location of the message belongs; if The geographic area to which the sending location belongs is the same as the geographic area to which the receiving location belongs, then it is determined that the first identification result of the message indicates that the sending location and the receiving location of the message are located in the same geographic area; if the sending location belongs to If the geographic area is different from the geographic area to which the receiving location belongs, it is determined that the first identification result of the message indicates that the sending location and the receiving location of the message are not located in the same geographic area.

In a possible implementation manner, the first application program includes service interfaces corresponding to K geographical areas, where K is an integer greater than or equal to 1; determine the geographical area to which the sending location of the message belongs, and the The geographical area to which the receiving location of the message belongs includes: determining the first service interface for sending the message from among the K service interfaces; using the geographical area corresponding to the first service interface as the address of the message The geographic area to which the sending location belongs; parsing and processing the message to obtain the geographic area to which the receiving location of the message belongs.

In a possible implementation manner, parsing and processing the message to obtain the geographical area to which the receiving location of the message belongs includes: obtaining the Internet connection corresponding to the receiving location of the message by parsing the message. Protocol IP address; obtain a preset correspondence relationship, the preset correspondence relationship indicates the correspondence relationship between different IP addresses and different geographical regions; determine the geographical region corresponding to the IP address in the preset correspondence relationship as The geographical area to which the receiving location of the message belongs.

In the above implementation manner, the geographical area where the sending location of the message belongs is determined according to the service interface of the sending message, and the geographical area where the receiving location of the message belongs is determined by analyzing the IP address in the message, and then according to Whether the geographical area of the sending location and the receiving location are the same, the first identification result of the message is obtained, which ensures the accuracy of the first identification result, that is, the message transmitted across geographical areas can be accurately and comprehensively identified.

In a possible implementation manner, the identification result of each message includes a second identification result, and the second identification result is used to indicate whether user information exists in the message; for any of the M messages For a message, the second identification result of the message may be determined in the following manner: the target data to be transmitted is obtained by parsing the message; the target data is decrypted to obtain decrypted data; the decrypted The data is matched with the user information corresponding to the first application program to obtain a second identification result of the message.

In a possible implementation manner, the user information corresponding to the first application program includes at least one information item; the decrypted data is matched with the user information corresponding to the first application program to obtain the information of the message. The second identification result includes: respectively matching each information item with the decrypted data to obtain a matching result of each information item; if the matching result of the information item in the at least one information item is successful, then determine The second identification result of the message indicates that user information exists in the message; if the matching result of no information item in the at least one information item is successful, it is determined that the second identification result of the message indicates that the There is no user information in the above message.

In the above implementation manner, the target data to be transmitted is obtained by parsing the message, and the target data is decrypted to obtain the decrypted data, and then according to the matching result of the decrypted data and the user information of the first application program, the message is determined. The second identification result ensures the accuracy of the second identification result, that is, the message transmitting the user information can be accurately and comprehensively identified.

In a possible implementation manner, before the server obtains the M messages sent by the terminal device through the first application, the server further includes: the server sends a control instruction to the terminal device, and the control instruction is used to control the first application The program starts running.

In a possible implementation manner, the server may send a control instruction to the terminal device in the following manner: receive target information sent by the terminal device, where the target information includes resource information required for starting and running the first application program ; Sending the control instruction to the terminal device according to the target information.

In the above implementation manner, the server sends a startup control instruction to the terminal device, and the startup control instruction is used to simulate the user manually clicking the icon of the first application program on the terminal device, so as to trigger the first application program to start running. By sending the start control instruction to the terminal device, the first application program can be run to perform the subsequent detection process, thereby improving the automation degree of application program detection.

In a possible implementation manner, after generating the program detection result corresponding to the first application program according to the identification results of the M messages, the method further includes: displaying the program detection result; or sending the program detection result result. In this way, it is convenient for relevant testing personnel to know the testing results of the program in time.

In the second aspect, the embodiment of the present application provides an application detection device, the application detection device includes:

An acquisition unit, configured to acquire M messages sent by the terminal device through the first application program during the running of the first application program to be detected, where M is an integer greater than or equal to 1;

A determining unit, configured to determine an identification result of each message, where the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether User information exists;

A generating unit, configured to generate a program detection result corresponding to the first application program according to the identification results of the M messages.

In a possible implementation manner, the detection device of the application program is applied to a server, the first application program includes service interfaces corresponding to K geographical areas, and the server is provided with a proxy interface corresponding to each service interface , the K is an integer greater than or equal to 1; the acquisition unit includes: a traffic proxy module, configured to obtain, for each service interface, the traffic sent by the terminal device through the service interface through the proxy interface corresponding to the service interface The at least one message.

In a possible implementation manner, the generation unit includes: a detection result generation module, configured to, for each service interface, determine the corresponding Interface detection results; according to the interface detection results corresponding to the K service interfaces, the program detection results corresponding to the first application program are generated, and the program detection results corresponding to the first application program include the program detection results corresponding to the K service interfaces. Interface detection result.

In a possible implementation manner, the detection result generation module is specifically configured to: if the identification result of each message in the at least one message indicates that the sending location and the receiving location of the message are located in the same geographical area, and If there is no user information in the message, it is determined that the interface detection result indicates that there is no abnormality in the service interface; or,

If the identification result of the first message in the at least one message indicates that the sending location and the receiving location of the message are not located in the same geographical area, and/or, there is user information in the message, then determine the The interface detection result indicates that the service interface is abnormal.

In a possible implementation manner, the identification result of each message includes a first identification result, and the first identification result is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area; the determining unit includes: Location analysis module. A location analysis module, configured to determine the geographical area to which the sending location of the message belongs, and the geographical area to which the receiving location of the message belongs; if the geographical area to which the sending location belongs is the same as the geographical area to which the receiving location belongs, then determine The first identification result of the message indicates that the sending location and the receiving location of the message are located in the same geographical area; if the geographical area to which the sending location belongs is different from the geographical area to which the receiving location belongs, then determine the location of the message The first identification result indicates that the sending location and the receiving location of the message are not located in the same geographical area.

In a possible implementation manner, the first application program includes service interfaces corresponding to K geographical areas, where K is an integer greater than or equal to 1; the location analysis module is configured to select from the K service interfaces, determining the first service interface for sending the message; using the geographical area corresponding to the first service interface as the geographical area to which the sending location of the message belongs; parsing and processing the message to obtain the The geographic area to which the receiving location belongs.

In a possible implementation manner, the determining unit further includes: an IP parsing module, configured to parse the message to obtain an Internet Protocol IP address corresponding to a receiving location of the message. The location analysis module is used to obtain a preset corresponding relationship, the preset corresponding relationship indicates the corresponding relationship between different IP addresses and different geographical areas; determine the geographical area corresponding to the IP address in the preset corresponding relationship is the geographical area to which the receiving location of the message belongs.

In a possible implementation manner, the identification result of each message includes a second identification result, and the second identification result is used to indicate whether user information exists in the message; for any of the M messages For a message, the determination unit includes: an encrypted traffic cracking module and a user information matching module. The encrypted traffic cracking module is used to analyze the target data to be transmitted from the message, and decrypt the target data to obtain decrypted data; the user information matching module is used to match the decrypted data with the first application The user information corresponding to the program is matched, and the second recognition result of the message is obtained.

In a possible implementation manner, the user information corresponding to the first application program includes at least one information item; the user information matching module is specifically configured to: respectively match each information item with the decrypted data to obtain each The matching result of the information item; if the matching result of the information item in the at least one information item is successful, it is determined that the second identification result of the message indicates that there is user information in the message; if the at least one information item If the matching result of no information item in the item is successful, then it is determined that the second identification result of the message indicates that there is no user information in the message.

In a possible implementation manner, the apparatus for detecting an application program further includes: a dynamic running module, configured to send a control instruction to the terminal device, and the control instruction is used to control the first application program to start running.

In a possible implementation manner, the dynamic running module is configured to receive target information sent by the terminal device, where the target information includes resource information required for starting and running the first application program; The terminal device sends the control instruction.

In a possible implementation manner, the detection result generating module is further configured to display the program detection result, or send the program detection result.

In a possible implementation manner, the geographical area is an area corresponding to a country.

In a third aspect, the embodiment of the present application provides an electronic device, where the electronic device is a terminal device or a server. The electronic device includes: a processor and a memory. The processor is configured to be coupled with the memory, read and execute instructions in the memory, so as to implement the first aspect or the method described in various possible implementation manners of the first aspect.

In a fourth aspect, the embodiment of the present application provides an apparatus for detecting an application program, including a unit, module, or circuit for performing the method provided in the above first aspect or each possible implementation manner of the first aspect. The data processing apparatus may be a terminal device or a server, or a module applied to a terminal device or a server.

In the fifth aspect, the embodiments of the present application provide a computer-readable storage medium, the computer-readable storage medium stores computer instructions, and when the computer instructions are executed, the first aspect or various possibilities of the first aspect are realized. The method described in the implementation.

In a sixth aspect, an embodiment of the present application provides a computer program product, the computer program product includes a computer program, and when the computer program is executed, implements the first aspect or the various possible implementations of the first aspect. method.

It should be understood that for the beneficial effects of the second aspect to the sixth aspect in the embodiments of the present application, reference may be made to the relevant description of the effective effects in the first aspect above.

The application program detection method, device and equipment provided in the embodiment of the present application, the method includes: during the running process of the first application program to be detected, obtain M messages sent by the terminal device through the first application program, and determine The identification result of each message, the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message, according to the The identification results of the M messages are generated to generate a program detection result corresponding to the first application program. In the above process, the program detection result of the application program is obtained by analyzing the message actually sent by the application program during the running process, which improves the accuracy of the program detection result.

Description of drawings

FIG. 1 is a schematic diagram of a process of detecting an application program;

FIG. 2 is a schematic diagram of a system architecture provided by an embodiment of the present application;

FIG. 3 is a schematic flowchart of an application detection method provided in an embodiment of the present application;

FIG. 4 is a schematic flowchart of another application detection method provided by the embodiment of the present application;

FIG. 5 is a schematic diagram of a message identification process provided by an embodiment of the present application;

FIG. 6 is a schematic diagram of another process for identifying a message provided in an embodiment of the present application;

FIG. 7A is a schematic diagram of a display interface corresponding to a program detection result provided in an embodiment of the present application;

FIG. 7B is a schematic diagram of a display interface corresponding to another program detection result provided in the embodiment of the present application;

FIG. 8A is a schematic diagram of another system architecture provided by the embodiment of the present application;

FIG. 8B is a schematic diagram of an interaction flow of a detection method for an application program corresponding to the system architecture shown in FIG. 8A;

FIG. 9A is a schematic diagram of another system architecture provided by the embodiment of the present application;

FIG. 9B is a schematic diagram of an interaction process of a detection method for an application program corresponding to the system architecture shown in FIG. 9A;

FIG. 10 is a schematic diagram of interface changes of a terminal device provided in an embodiment of the present application;

FIG. 11 is a schematic diagram of the application detection process provided by the embodiment of the present application;

FIG. 12 is a schematic structural diagram of an electronic device provided by an embodiment of the present application.

Detailed ways

In order to facilitate the understanding of the technical solution of the application, the nouns or terms involved in the application are firstly explained.

Application: Refers to a computer program designed to accomplish one or more specific tasks. Applications in this application include, but are not limited to: mobile applications, portals, applets, etc.

User information: In a broad sense, it refers to all kinds of information recorded electronically or in other ways that can identify a specific natural person or reflect the activities of a specific natural person, including but not limited to the name, date of birth, and ID number of a natural person , personal biometric information, address, phone number, email address, health information, whereabouts information, etc.

Cross-border transfer of user information: refers to the transfer of user information from one country to another.

As mentioned above, in order to realize the supervision of applications, a method of detecting applications is needed to detect whether the applications transmit user information across borders.

FIG. 1 is a schematic diagram of a process of detecting an application program. In this technology, the detection can be realized by parsing the installation package of the application program. Specifically, as shown in FIG. 1 , reverse analysis (for example, decompilation) is performed on the installation package of the application program to obtain the source code. The source code is matched with preset keywords to detect the user information and the domain name to which the user information is sent. Furthermore, the domain name is analyzed to determine the target address to which the user information is sent, so as to determine whether the user information is transmitted across borders, and obtain the program detection result.

For example, the source code of the application is obtained after reverse analysis is performed on the installation package of the application. Use the preset keywords "name", "identification", "birthday", etc. to match the source code, and search for user information from the source code. In addition, the domain name to which the user information is sent is searched out from the source code, and the domain name is analyzed to obtain the target network address. If the target network address is an overseas network address, it means that the application program has carried out cross-border transmission of user information.

However, the above-mentioned technology adopts the method of performing static analysis on the installation package. The "static" here means that the application program does not need to be run, and only the installation package of the application program needs to be analyzed. The detection results of the above methods depend on the coding style of the source code, and the coding styles of different developers are usually different. Taking the variable corresponding to "user name" in the source code as an example, some developers may name it "name", while some developers may Named "Nm", and some developers may name it "Nm01", "Nm_01", etc. In this way, the user information is identified from the source code by using the preset keyword, so that there is a problem of misdetection or missed detection of the user information. In addition, the above method needs to search the domain name from the source code, but in actual application, the domain name may be dynamically generated during the running of the application, so the domain name obtained by the above method is not comprehensive. Based on the above analysis, it can be seen that the accuracy of the program detection results obtained by the above method is not high.

In order to solve the above-mentioned technical problems, the embodiment of the present application provides a detection method of an application program, which is different from the static analysis method adopted in the above-mentioned related art, and the embodiment of the present application adopts a dynamic analysis method. Specifically, during the running of the application program to be detected, multiple messages (that is, dynamic traffic data) sent by the terminal device through the application program can be obtained in real time, and by identifying and processing the multiple messages, each message can be obtained The identification result of each message, the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message, and then, according to the multiple messages The identification result determines the program detection result corresponding to the application program. In the technical solution of the present application, since the program detection result of the application program is determined by analyzing the message actually sent by the application program during the running process, the accuracy of the program detection result is guaranteed.

FIG. 2 is a schematic diagram of a system architecture provided by an embodiment of the present application. As shown in FIG. 2 , the system architecture includes an application detection client (hereinafter referred to as “detection client”) and an application detection server (hereinafter referred to as “detection server”). Detect applications that are installed on the client to be detected. The detection server provides the function of detecting the application program.

In the system architecture shown in Figure 2, the detection client refers to a terminal device that installs an application program to be detected, including but not limited to smart phones, smart wearable devices, smart home devices, personal computers (personal computers, PCs), wireless Handheld devices, computing devices, vehicle-mounted devices or wearable devices with communication functions, virtual reality (virtual reality, VR) terminal devices, augmented reality (augmented reality, AR) terminal devices, wireless terminals in industrial control (industrial control), wireless Wireless terminals in self driving, wireless terminals in remote medical, wireless terminals in smart grid, wireless terminals in transportation safety, smart city Wireless terminals in smart homes, wireless terminals in smart homes, etc. Wherein, the personal computer may be, for example, a tablet computer, a notebook computer, a desktop computer, a super mobile personal computer, a personal digital assistant, and the like. The detection server may be, for example, a router, a switch, or a server, and the server may be, for example, an enterprise server, an operator server, or a service provider server. In some possible scenarios, the server may be a cloud server.

It should be noted that, in some scenarios, the detection client and the detection server may be deployed in different electronic devices, for example, the detection client is a terminal device, and the detection server is a server. In other scenarios, the detection client and the detection server may also be deployed in the same electronic device, for example, both are deployed in the electronic device where the application program to be detected is installed. For convenience of description, in the subsequent embodiments, the detection client is taken as a terminal device, and the detection server is used as an example for description.

Through the interaction between the terminal device and the server, the detection of the application program can be realized. Continuing to refer to FIG. 2 , the application program to be detected runs in the terminal device. During the running of the application program, the server can obtain the message (that is, flow data) sent by the terminal device through the application program in real time, and detect and process the message to obtain the program detection result.

It should be noted that the server shown in FIG. 2 refers to a server for providing a detection function for an application program, which is different from a server for providing a service for an application program. In order to distinguish, the server used to provide services to the application program is called the application server, and the server used to provide the detection function of the application program is called the detection server. During the running of the application program, the terminal device sends a message to the application server through the application program. The detection server may obtain the message sent by the terminal device to the application server through a certain technology (for example, through a traffic proxy technology, a message interception technology, etc.). Furthermore, the detection server detects and processes the obtained message to obtain a program detection result.

Optionally, after the server obtains the program detection result, it may send the program detection result to the terminal device. Optionally, the server may display program detection results. In the embodiment of the present application, the detection process of the application program can be automatically executed by the terminal device and the server, so that the detection efficiency is high.

The application detection method provided in the embodiment of the present application can be applied in various application scenarios. Several possible scenarios are taken as examples for illustration below.

In an example scenario, the supervision department may use the method of the embodiment of the present application to detect the application program during security detection, and obtain the program detection result. If the program detection result indicates that the application program is abnormal, the application program is required to make rectification according to the program detection result. Since the program detection result of the application program is obtained by analyzing the message actually sent by the application program during the running process, the accuracy of the program detection result is guaranteed.

In another example scenario, an application distribution platform (such as an application market, an application store, and a mobile phone manager) is responsible for providing download/installation portals for various types of applications. Before an application program is released on the application distribution platform, or after the application program is updated, the application program may be detected by using the method of the embodiment of the present application to obtain the program detection result. If the program detection results indicate that the application is abnormal, the application is required to be rectified before being put on the shelves.

Usually, the application distribution platform needs to put a large number of application programs on the shelves, and the method of the embodiment of the present application can automatically complete the detection of the application programs to ensure the detection efficiency.

In yet another exemplary scenario, during the development and testing of the application program, the application program may be tested by using the method of the embodiment of the present application, and a program test result may be obtained. If the program detection result indicates that the application program is abnormal, it shall be corrected in time during the subsequent development process, so as to avoid the rectification workload required for rectification after the application program is released.

It should be noted that the embodiment of the present application does not limit the application scenarios of the application checking method, and the application checking method may also be used by third-party testing. It should be noted that when a user uses a website or other system programs, the transmission of user information across geographical regions may also be involved. Therefore, the embodiments of the present application may also be applicable to detecting websites or other system programs.

In some possible implementations, the application needs to provide a privacy statement to the user. In the privacy statement, the use of user information by the terminal device during the use of the application by the user is explained. After the program detection result of the application program is detected by the embodiment of the present application, the program detection result can be compared with the privacy statement of the application program to determine whether the application program transmits user information according to the terms of the privacy statement.

The technical solution of the present application will be described in detail below with specific embodiments. The following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be repeated in some embodiments.

FIG. 3 is a schematic flowchart of a method for detecting an application provided by an embodiment of the present application. As shown in Figure 3, the method of this embodiment includes:

S301: Acquire M packets sent by the terminal device through the first application program during running of the first application program to be detected, where M is an integer greater than or equal to 1.

In this embodiment, the first application program to be detected runs on the terminal device. During the running of the first application program, the execution subject of this embodiment acquires M messages sent by the terminal device through the first application program. M is an integer greater than or equal to 1. Wherein, each message may correspond to a network request sent by the first application program to its corresponding application server. Each message indicates the target data to be transmitted by the first application program, and the target network address to which the target data is to be transmitted.

The execution subject of this embodiment may be a terminal device or a server. It can be understood that when the execution subject of this embodiment is a terminal device, the terminal device can obtain the M messages sent by the first application program by monitoring its own sending interface. When the execution subject of this embodiment is a server, the server may obtain M messages sent by the terminal device through the first application program through message interception technology, traffic proxy technology, and the like.

S302: Determine the identification result of each message, the identification result of each message is used to indicate whether the sending location and receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message .

In this embodiment, the identification result of each message can be obtained by performing identification processing on each message.

In a possible implementation manner, the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area. That is, the implementation can identify whether a message is transmitted across geographic regions.

Wherein, the sending location of the message is usually the location of the terminal equipment, or the location of the user of the terminal equipment. The receiving location of the message refers to the location of the application server of the first application program.

Optionally, the geographical area may be a geographical area divided according to the coverage of the country. The area covered by a country is called a geographic area. Correspondingly, another expression of "the first identification result is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area" is "the first identification result is used to indicate that the message Whether the sending location and the receiving location are located in the same country", or "the first identification result is used to indicate whether the message is transmitted across countries (cross-borders)".

Usually, at least one of the sending location and the receiving location is carried in the message in the form of an Internet Protocol (Internet Protocol, IP) address. Therefore, the identification result can be obtained by parsing and processing the IP address in the message.

In another possible implementation manner, the identification result of each packet is used to indicate whether there is user information in the packet. That is to say, this implementation can identify whether the packet transmits user information.

Specifically, the target data to be transmitted in the message may be parsed to determine whether there is user information in the target data, thereby obtaining the recognition result.

In another possible implementation manner, the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and whether there is user information in the message. That is to say, this implementation method can not only identify whether the message is transmitted across geographical regions, but also identify whether the message transmits user information.

S303: Generate a program detection result corresponding to the first application program according to the identification results of the M packets.

In practical applications, the identification results of M messages may have the following situations:

Case 1: The identification result of each of the M messages indicates that the sending location and the receiving location of the message are located in the same geographical area, and there is no user information in the message. That is to say, none of the M messages transmits user information across geographic regions. In this case, it may be determined that the program detection result corresponding to the first application program is normal.

When the execution subject of this embodiment is a terminal device, the terminal device may display the program detection result after generating the program detection result corresponding to the first application program, so that relevant personnel can know the program detection result in time.

When the execution subject of this embodiment is a server, after the server generates the program detection result corresponding to the first application program, it can display the program detection result, or send the program detection result to the terminal device, so that relevant personnel can know the program detection result in time. result.

The application detection method provided in this embodiment includes: during the running of the first application to be detected, acquiring M messages sent by the terminal device through the first application, and determining the recognition result of each message , the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message, according to the identification of the M messages As a result, a program detection result corresponding to the first application program is generated. In the above process, the program detection result of the application program is obtained by analyzing the message actually sent by the application program during the running process, which improves the accuracy of the program detection result.

On the basis of the embodiment shown in FIG. 3 , the technical solution provided by the present application will be described in more detail below with a more specific embodiment.

FIG. 4 is a schematic flowchart of another detection method for an application provided by an embodiment of the present application. As shown in Figure 4, the method of this embodiment includes:

S401: Send a startup control instruction to the terminal device, where the startup control instruction is used to control the startup and operation of the first application program to be detected.

The method in this embodiment can be executed by a server. The server sends the start control instruction to the terminal device, and the start control instruction is used to simulate the user manually clicking the icon of the first application program on the terminal device, so as to trigger the first application program to start and run. By sending the start control instruction to the terminal device, the first application program can be run to perform the subsequent detection process, thereby improving the automation degree of application program detection.

In a possible implementation manner, before the server sends the start control instruction to the terminal device, the server may receive target information sent by the terminal device, where the target information includes resource information required for starting and running the first application program. For example, at least one of the following resource information may be included: routing configuration information, application programming interface (Application Programming Interface, API) information of the terminal device, software package information to be loaded, and the like. In this way, the server can send an activation control instruction to the terminal device according to the target information.

Optionally, the target information further includes user information corresponding to the first application. The user information corresponding to the first application program may be used in S403 to identify and process the message, so as to identify whether there is user information in the message. The user information corresponding to the first application includes but is not limited to at least one of the following: name, date of birth, ID number, personal biometric information, address, phone number, email, health information, whereabouts information, etc.

S402: During the running of the first application program, for the service interface corresponding to each geographical area of the first application program, obtain at least one message sent by the terminal device through the service interface through the proxy interface corresponding to the service interface.

In this embodiment, the first application program includes service interfaces corresponding to each of the K geographical areas. K is an integer greater than or equal to 1. For example, assume that the first application program includes service interfaces corresponding to four countries, namely: service interface A corresponding to country A, service interface B corresponding to country B, service interface C corresponding to country C, and service interface corresponding to country D Interface D. The terminal device sends messages via service interface A in country A, via service interface B in country B, via service interface C in country C, and via service interface D in country D.

The server is provided with a proxy interface corresponding to each service interface, for example: proxy interface A corresponding to service interface A, proxy interface B corresponding to service interface B, proxy interface C corresponding to service interface C, corresponding to service interface D The proxy interface D. Each proxy interface is used to realize the traffic proxy function. That is to say, proxy interface A can proxy to receive packets sent through service interface A, proxy interface B can proxy to receive packets sent through service interface B, proxy interface C can proxy to receive packets sent through service interface C, and proxy Interface D can act as a proxy to receive packets sent through service interface D.

In this way, the server can obtain at least one message sent by the terminal device through the service interface A through the proxy interface A, obtain at least one message sent by the terminal device through the service interface B through the proxy interface B, and obtain at least one message sent by the terminal device through the service interface B through the proxy interface C. The at least one message sent by C obtains at least one message sent by the terminal device through the service interface D through the proxy interface D.

S403: Determine the identification result of each message, the identification result of each message is used to indicate whether the sending location and receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message .

Specifically, the identification result of each packet includes the first identification result and/or the second identification result. Wherein, the first identification result is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area. The second identification result is used to indicate whether there is user information in the packet.

In a possible implementation manner, the following possible manners may be used to determine the first identification result of each message.

(1) Determine the geographical area to which the sending location of the message belongs, and the geographical area to which the receiving location of the message belongs.

Assume that the first application program includes service interfaces corresponding to K geographical areas, where K is an integer greater than or equal to 1. When the terminal device sends the message through the first application program, it sends the message through the service interface corresponding to the geographical area to which the current location of the terminal device belongs. For example, if the current location of the terminal device is in country A, then the message will be sent through service interface A; if the current location of the terminal device is in country B, then the message will be sent through service interface B. Therefore, for each message, the geographical area corresponding to the service interface that sends the message may be used as the geographical area to which the sending location of the message belongs.

The process of identifying the message will be described below with reference to FIG. 5 . FIG. 5 is a schematic diagram of a packet identification process provided by an embodiment of the present application. As shown in Figure 5, for each message, first, from the K service interfaces, determine the first service interface that sends the message, and use the geographical area corresponding to the first service interface as the message The geographical area to which the text is sent. Further, the message is parsed to obtain the geographical area to which the receiving location of the message belongs.

Optionally, the geographical area to which the receiving location of the message belongs may be obtained in the following manner: as shown in FIG. 5 , the IP address corresponding to the receiving location of the message is obtained by parsing the message. The IP address refers to the destination network address to which the packet is to be sent. Usually, the IP address is carried in the message explicitly or implicitly, and the IP address can be obtained by parsing the message according to the protocol format adopted by the message. Further, a preset corresponding relationship is acquired, and the preset corresponding relationship indicates a corresponding relationship between different IP addresses and different geographic regions. Determining the geographical area corresponding to the IP address in the preset correspondence relationship as the geographical area to which the receiving location of the message belongs. That is to say, by using the IP address to query the preset correspondence relationship, the geographical area to which the receiving location of the message belongs can be obtained.

(2) If the geographic area to which the sending location belongs is the same as the geographic area to which the receiving location belongs, then determine that the first identification result of the message indicates that the sending location and the receiving location of the message are located in the same geographic area; if the If the geographic area to which the sending location belongs is different from the geographic area to which the receiving location belongs, then it is determined that the first identification result of the message indicates that the sending location and the receiving location of the message are not located in the same geographic area.

For example, if the geographical area of a sending location of a certain message is country A, and the geographical area of the receiving location is country B, the first identification result of the message indicates that the sending location and the receiving location are not located in the same geographical area. If the geographical area of the sending location of a certain message is country C, and the geographical area of the receiving location is country C, then the first identification result of the message indicates that the sending location and the receiving location are located in the same geographic area.

In this embodiment, by determining the geographical area where the sending location of the message belongs to according to the service interface that sends the message, and by analyzing the IP address in the message, it is determined that the geographical area that the receiving location of the message belongs to, and then according to Whether the geographical area to which the sending location belongs is the same as that to which the receiving location belongs, the first identification result of the message is obtained, which ensures the accuracy of the first identification result, that is, the message transmitted across geographical areas can be accurately and comprehensively identified.

In a possible implementation manner, the second identification result of each message may be determined in a manner as shown in FIG. 6 . FIG. 6 is a schematic diagram of another packet identification process provided by the embodiment of the present application. As shown in Figure 6,

(1) Parsing the message to obtain the target data to be transmitted.

It can be understood that the target data to be transmitted can be obtained by parsing the message according to the protocol format adopted by the message.

(2) Decrypt the target data to obtain decrypted data.

In practical applications, in order to ensure the security of data transmission, the sender encrypts the target data in the message before sending the message. That is to say, the target data analyzed in the above step (1) is encrypted data. Therefore, the encryption and decryption algorithm corresponding to the first application program may be used to decrypt the target data, or the target data may be decrypted to obtain decrypted data.

(3) Perform matching processing on the decrypted data and the user information corresponding to the first application program to obtain a second identification result of the message.

Optionally, the user information corresponding to the first application program includes at least one information item. The second recognition result of the message may be determined in the following manner:

Each information item is matched with the decrypted data respectively to obtain a matching result of each information item, and the matching result of each information item is success or failure. If the matching result of the existence of the information item in the at least one information item is successful, it is determined that the second identification result of the message indicates that the user information exists in the message. If the matching result of no information item in the at least one information item is successful, it is determined that the second identification result of the message indicates that there is no user information in the message.

For example, assume that the user information corresponding to the first application program includes the following two information items: "56215467812" and "AAAaaa". Among them, "56215467812" indicates the user location, and "AAAaaa" indicates the device ID. If at least one of "56215467812" and "AAAaaa" exists in the decrypted data corresponding to a certain message, it means that the second identification result of the message indicates that the message contains user information. If neither "56215467812" nor "AAAaaa" exists in the decrypted data of a certain message, it means that the second identification result of the message indicates that there is no user information in the message.

In this embodiment, the target data to be transmitted is obtained by parsing the message, and the target data is decrypted to obtain the decrypted data, and then according to the matching result of the decrypted data and the user information of the first application program, the information of the message is determined. The second identification result ensures the accuracy of the second identification result, that is, the message transmitting the user information can be accurately and comprehensively identified.

S404: For each service interface, determine an interface detection result corresponding to the service interface according to the identification result of the at least one message sent through the service interface.

Exemplarily, if the identification result of each message in the at least one message indicates that the sending location and the receiving location of the message are located in the same geographical area, and there is no user information in the message, then determine The interface detection result indicates that there is no abnormality in the service interface.

For example, assume that among the N1 messages sent by the terminal device through service interface A, the identification result of each message indicates that the sending location and the receiving location of the message are located in the same geographical area, and there is no user in the message. That is to say, none of the N1 messages transmit user information across geographic regions, which means that there is no abnormality in service interface A.

Assume that among the N2 messages sent by the terminal device through the service interface B, there is a message whose identification result indicates that the sending location and the receiving location of the message are not located in the same geographical area, that is, there are cross-geographical messages among the N2 messages. If the packet is transmitted, it indicates that there is an exception in service interface B.

Assuming that among the N3 messages sent by the terminal device through the service interface C, the identification result of a certain message indicates that there is user information in the message, that is, there is a message transmitting user information in the N3 messages, then it means There is an exception in service interface C.

Assume that among the N4 messages sent by the terminal device through the service interface D, there is a message whose identification result indicates that the sending location and the receiving location of the message are not located in the same geographical area, and there is user information in the message, that is, If among the N4 messages, there is a message for transmitting user information across geographic regions, it means that there is an exception in the service interface D.

Optionally, when there is an exception in the service interface, the interface detection result corresponding to the service interface may include: an exception level. For example, the abnormality levels of the above-mentioned service interface B and service interface C are minor level, and the abnormality level of service interface D is severe level.

Optionally, if there is an exception in the service interface, the interface detection result corresponding to the service interface may include: the cause of the exception. For example, the abnormal reason corresponding to the above-mentioned service interface B is "Transfer across geographic regions", the corresponding abnormal reason of the above-mentioned service interface C is "Transfer user information", and the abnormal reason corresponding to the above-mentioned service interface D is "Transfer user information across geographic regions" . Optionally, the reason for the above abnormality may be represented by text or an identification code.

S405: Generate a program detection result corresponding to the first application program according to the interface detection result corresponding to each service interface, where the program detection result corresponding to the first application program includes the interface detection result corresponding to each service interface.

As an example, the program detection results of the first application program can be shown in Table 1:

Table 1

the	正常/异常normal/abnormal	异常等级Exception level	异常原因Abnormal
服务接口AService interface A	正常normal	//	//
服务接口Bservice interface B	异常abnormal	轻微slight	跨地理区域传输Transmitting across geographic regions
服务接口Cservice interface C	异常abnormal	轻微slight	传输用户信息Transfer user information
服务接口DService interface D	异常abnormal	严重serious	跨地理区域传输用户信息Transferring User Information Across Geographic Areas

As another example, FIG. 7A is a schematic diagram of a display interface corresponding to a program detection result provided in an embodiment of the present application. As shown in FIG. 7A , in the display interface, whether the service interface A, the service interface B, the service interface C, and the service interface D are normal is displayed respectively. When a certain service interface is abnormal, it also displays the corresponding exception level of the service interface.

As yet another example, FIG. 7B is a schematic diagram of a display interface corresponding to another program detection result provided in the embodiment of the present application. As shown in FIG. 7B , in the display interface, whether the service interface A, service interface B, service interface C, and service interface D are normal is displayed respectively. When a certain service interface is abnormal, the abnormal cause corresponding to the service interface is also specifically displayed.

In actual application scenarios, when terminal devices are located in different countries, they send messages through different service interfaces. Therefore, when detecting the first application program, if it is necessary to detect service interfaces corresponding to multiple countries, it is necessary to obtain messages sent through multiple service interfaces.

In a possible implementation manner, terminal devices located in different countries may be used for detection. For example, the server obtains the message sent by the terminal device A (located in country A) through the service interface A of the first application program, and obtains the interface detection result of the service interface A by analyzing the message. The server obtains the message sent by the terminal device B (located in country B) through the service interface B of the first application program, and obtains the interface detection result of the service interface B by analyzing the message. The server acquires the message sent by the terminal device C (located in country C) through the service interface C of the first application program, and obtains the interface detection result of the service interface C by analyzing the message. The server obtains the message sent by the terminal device D (located in the country D) through the service interface D of the first application program, and obtains the interface detection result of the service interface D by analyzing the message. Furthermore, the interface detection results of the above service interfaces are integrated to obtain the program detection result of the first application program.

In another possible implementation manner, one terminal device may be used to complete the detection process for multiple service interfaces. For example, by piling and burying the terminal equipment, changing the location of the terminal equipment, respectively simulating the following scenarios: (1) The terminal equipment is located in country A, and the terminal equipment is sent through the service interface A of the first application program. message; (2) the terminal device is located in country B, and sends the message through the service interface B of the first application program; (3) the terminal device is located in country C, and sends the message through the service interface C of the first application program; (4) The terminal device is located in country D, and sends the message through the service interface D of the first application program. In each of the above scenarios, the server obtains the message sent by the terminal device through the first application program, and analyzes the message to obtain the interface detection result corresponding to each service interface. Furthermore, the interface detection results of the above service interfaces are integrated to obtain the program detection result of the first application program. In this implementation mode, the detection of all service interfaces of the first application program can be completed by using one terminal device without the country where the mobile terminal device is located, which ensures the comprehensiveness of the detection process for the service country and improves the detection efficiency.

In each of the above implementations, the way the terminal device sends the message through the first application program may be that the user operates the first application program to trigger the first application program to send a message, or the first application program may be controlled by an automatic test script. The application program sends the message, which is not limited in this embodiment.

In this embodiment, because the program detection result of the application program is obtained by analyzing the message actually sent by the first application program during the running process, the accuracy of the program detection result is guaranteed. Further, when there are multiple geographical areas that the first application program can serve, the service interface of each geographical area can be detected separately, on the one hand, the comprehensiveness of the detection results is guaranteed, on the other hand, it also improves the detection efficiency.

FIG. 8A is a schematic diagram of another system architecture provided by the embodiment of the present application. As shown in FIG. 8A, the system architecture includes: a terminal device and a server. Wherein, the server includes: a runtime system, a position analysis system, an interface positioning system, a data analysis system, and a detection result generation system. A first application program to be detected is installed in the terminal device.

FIG. 8B is a schematic diagram of an interaction flow of a detection method for an application program corresponding to the system architecture shown in FIG. 8A . As shown in FIG. 8B, the detection method of the application program in this embodiment includes:

S801: The runtime system controls the first application program to be detected to start running.

S802: The runtime system acquires the message sent by the terminal device through the first application program.

In this embodiment, the runtime system provides a traffic proxy function to proxy the traffic data of the first application program in various service geographical regions in the world in real time, so as to ensure the detection of traffic in all service geographical regions and improve the comprehensiveness of detection.

S803: the runtime system sends a message to the position analysis system and the interface positioning system.

S804: The location analysis system performs identification processing on the message to obtain a first identification result of the message, and the first identification result is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area.

S805: The location analysis system sends the first identification result of the message to the detection result generation system.

S806: The interface positioning system determines the service interface corresponding to the packet.

The interface locating system performs interface-level locating for each message, so that subsequent interface-level detection results can be obtained for each service interface.

S807: The interface locating system sends the service interface corresponding to the message to the detection result generating module.

S808: The interface positioning system parses the message to obtain the target data to be transmitted, and decrypts the target data to obtain the decrypted data.

S809: The interface positioning system sends the decrypted data to the data analysis system.

S810: The data analysis system matches the decrypted data with the user information corresponding to the first application program to obtain a second identification result of the message. The second identification result is used to indicate whether there is user information in the packet.

S811: The data analysis system sends the second identification result of the packet to the detection result generation system.

S812: The detection result generating system generates a program detection result corresponding to the first application program according to the service interface corresponding to the message and the first identification result and/or the second identification result of the message.

In this embodiment, the above S802 to S811 may be executed in a loop multiple times. S804-S805, S806-S809, and S810-S811 can be executed at the same time, and there is no distinction between the three.

FIG. 9A is a schematic diagram of another system architecture provided by the embodiment of the present application. On the basis of the embodiment shown in FIG. 8A , as shown in FIG. 9A , the terminal device includes: a static analysis module, a runtime plug-in module and a display module. The runtime system in the server includes: a dynamic operation module and a traffic proxy module; the location analysis system includes: an IP resolution module and a location analysis module; the interface location system includes: an encrypted traffic cracking module. The data analysis system includes: a user information matching module; the detection result generation system includes: a detection result generation module.

FIG. 9B is a schematic diagram of an interaction flow of a detection method for an application program corresponding to the system architecture shown in FIG. 9A . As shown in FIG. 9B, the application detection method of this embodiment includes:

S901: The static parsing module performs reverse parsing processing on the installation package of the first application program to be detected to obtain target information, where the target information includes resource information required for starting and running the first application program.

S902: The static analysis module sends the target information to the dynamic operation module.

Optionally, the target information further includes: user information corresponding to the first application program. When the target information includes the user information corresponding to the first application program, the static analysis module can also send the user information corresponding to the first application program to the runtime system, so that the static analysis module can provide the data analysis system with the user information corresponding to the first application program. Information, used for matching processing of user information.

S903: The dynamic running module interacts with the runtime plug-in module according to the target information, and controls the first application program to start running.

Exemplarily, the dynamic running module sends control instructions to the runtime plug-in module, and the runtime plug-in module sends event information to the dynamic running module. The runtime plug-in module ensures that the first application runs dynamically.

S904: The traffic proxy module obtains the message sent by the terminal device through the first application program.

S905: The traffic proxy module sends the packet to the IP analysis module and the encrypted traffic cracking module.

S906: The IP parsing module parses the message to obtain the IP address corresponding to the receiving location of the message.

S907: The location analysis module determines the geographical area corresponding to the IP address in the preset correspondence relationship as the geographical area to which the receiving location of the message belongs.

S908: The location analysis module determines the geographical area corresponding to the first service interface that sends the message as the geographical area to which the sending location of the message belongs.

S909: The location analysis module determines the first identification result of the message according to the geographical area to which the sending location and the receiving location of the message belong, and the first identification result is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area .

S910: The location analysis module sends the first identification result of the packet to the detection result generation module.

S911: The encrypted traffic cracking module determines the service interface corresponding to the message.

S912: The encrypted traffic cracking module sends the service interface corresponding to the message to the detection result generating module.

S913: The encrypted traffic cracking module parses the message to obtain the target data to be transmitted, and decrypts the target data to obtain the decrypted data.

S914: The encrypted traffic cracking module sends decrypted data to the user information matching module.

S915: The user information matching module matches the decrypted data with the user information corresponding to the first application program, and obtains a second identification result of the message, and the second identification result is used to indicate whether there is user information in the message.

S916: The user information matching module sends the second identification result of the message to the detection result generating module.

It should be understood that the above S904 to S916 are executed repeatedly multiple times, that is, to detect and analyze multiple messages sent by the terminal device through the first application program. When the detection is completed (for example, the number of detected packets reaches a preset number, or the detection time reaches a preset duration), the detection result generation module sends a stop operation instruction to the dynamic operation module.

S917: The detection result generation module generates a program detection result corresponding to the first application program according to the service interface corresponding to the message and the first identification result and/or the second identification result of the message.

S918: The detection result generating module sends the program detection result to the display module.

S919: The display module displays the program detection results.

In this embodiment, S906-S910, S911-S914, and S915-S916 can be executed at the same time, and the order of the three is not distinguished.

It should be understood that the flow of the method for detecting an application shown in FIG. 8B and FIG. 9B has the same technical effect as that of the above embodiment, and reference may be made to relevant descriptions of the above embodiment, and details are not repeated here.

On the basis of any of the above embodiments, the technical solution of the present application will be illustrated below in conjunction with a specific example. In the embodiment of the present application, the installation package of the application program to be detected can be downloaded to the terminal device, and then the interaction process between the terminal device and the server is triggered, so as to realize the detection method of the application program in any of the above embodiments.

FIG. 10 is a schematic diagram of interface changes of a terminal device provided by an embodiment of the present application. As shown in FIG. 10 , the identifier of the application to be detected may be displayed on the interface 1001 . If the application to be detected is application X, the identifier of the application to be detected may be the icon or name of the application X. The interface 1001 may also display a "detection" control, and the inspector may click on the "detection" control to trigger the execution of the application detection method in the above-mentioned embodiment. When the terminal device receives the program detection result of the application program X from the server, the interface 1001 may jump to the interface 1002, and the interface 1002 may be similar to the interface in FIG. 7A or FIG. Optionally, in a possible implementation manner, the above interface 1001 may jump to interface 1003 first, and then jump to interface 1002. Wherein, the interface 1003 may display a text reminder message of "application detection in progress".

FIG. 11 is a schematic diagram of an application detection process provided by an embodiment of the present application. In this embodiment, it is assumed that the application program X to be tested provides services in country A, country B, country C and country D. As shown in Figure 11, the detection process for application X is as follows:

(1) The terminal device performs reverse analysis processing on the installation package of the application program X through the static analysis module, and obtains the resource information required for the application program X to start and run. As an example, as shown in 1101 in Figure 11, the resource information obtained through parsing may include:

Routing list: en\ru\cn\eu

Library list: library 1\ library 2

Device API interface: device information interface (getImei)\location information interface (getLocation)

wait.

(2) The server interacts with the terminal device to control the application program X to start and run. As an example, the interaction between the dynamic running module in the server and the running plug-in module in the terminal device is as follows:

As shown in 1102 in Figure 11, the interactive instructions corresponding to the dynamic running module in the server are as follows:

send: run apk

send: get webview text

Receive: update location information "56215467812"

Receive: Get device information "AAAaaa"

As shown in 1103 in FIG. 11 , the interaction instructions corresponding to the runtime plug-in module in the terminal device are as follows:

Receive: run apk

Receive: Get the web view text

Send: update location information "56215467812"

Send: get device information "AAAaaa"

After the above interaction process, the application program X starts to run, and, as shown in 1113 in FIG. 11 , the user information matching module of the server obtains the user information corresponding to the application program X including:

Location information: 56215467812

Device information: AAAaaa

(3) The server obtains the message sent by the terminal device through the first application program.

Exemplarily, the application program X includes a service interface corresponding to each service geographic area. The server proxies the traffic of each service interface through the traffic proxy module. As an example, as shown in 1104 in Figure 11, it is assumed that the service interface corresponding to each service geographic area is as follows:

Country A-Service Interface A: en.ttt.com/A

Country B - Service Interface B: eu.ttt.com/B

National C-service interface C: ru.ttt.com/C

National D-service interface D: cn.ttt.com/D

(4) The IP parsing module in the server parses the message to obtain the IP address corresponding to the receiving location of the message. As an example, as shown in 1105 in FIG. 11 , it is assumed that the IP addresses obtained through analysis in the four packets are as follows:

Message 1: 199.60.4.20

Message 2: 154.12.1.3

Message 3: 163.43.9.4

Message 4: 172.78.45.45

(5) The location analysis module in the server maps the IP address to a geographical area according to the preset corresponding relationship, and obtains the geographical area to which the receiving location of the message belongs. As an example, as shown in 1106 in FIG. 11 , the geographical areas to which the receiving locations of the above four messages belong are as follows:

199.60.4.20: Country A

154.12.1.3: Country F

163.43.9.4: Country D

172.78.45.45: Country D

(6) The location analysis module in the server determines the geographical area to which the sending location of the message belongs according to the service interface of the sending message. Assume that the geographical areas where the sending locations of the above four messages belong are as follows:

Message 1: Country A

Message 2: Country B

Message 3: Country C

Message 4: Country D

(7) The location analysis module in the server determines the first identification result of the message according to the geographical area of the sending location and the receiving location of the message, namely: whether the message is transmitted across borders. As an example, as shown in 1107 in Figure 11, the first identification results of the above four messages are as follows:

Message 1: Country A -> Country D cross-border

Message 2: Country B -> Country F cross-border

Message 3: Country C -> Country D cross-border

Message 4: Country D -> Country D has not crossed the border

(8) The encrypted traffic cracking module in the server determines the service interface corresponding to the message. As an example, as shown in 1108 in FIG. 11 , it is assumed that the geographical areas where the sending locations of the above four messages belong are as follows:

Message 1: service interface A

Message 2: service interface B

Message 3: service interface C

Message 4: service interface D

(9) The encrypted traffic cracking module in the server parses the message to obtain the target data to be transmitted. As an example, as shown in 1109 in Figure 11, the target data obtained by parsing the above four messages is as follows:

Message 1: <dasdzxoiajs==>

Packet 2: <8798797>

Packet 3: <AAAaaa>

Message 4: <ssadasdasa>

(10) The encrypted traffic cracking module in the server decrypts the target data to obtain the decrypted data. As an example, as shown in 1110 in Figure 11, the decrypted data corresponding to the above four messages are as follows:

Packet 1: 56215467812

Message 2: 8798797

Packet 3: AAAaaa

Packet 4: AAAaaa

(11) The user information matching module in the server matches the decrypted data with the user information corresponding to the first application program, and determines the first identification result of the message, that is, whether there is user information in the message. As shown in 1111 in Figure 11, the second identification results corresponding to the above four messages are as follows:

Packet 1: 56215467812 User information exists

Message 2: 8798797 There is no user information

Packet 3: AAAaaa has user information

Packet 4: AAAaaa has user information

(12) The detection result generating module in the server integrates the service interface corresponding to each message, the first identification result and the second identification result, as shown in 1112 in Figure 11, obtains:

Message 1: service interface A cross-border user information exists

Message 2: service interface B cross-border user information does not exist

Message 3: service interface C cross-border user information exists

Message 4: Service interface D is not cross-border and has user information

(13) The detection result generation module in the server generates a program detection result corresponding to the application program X according to the above integration result. As shown in 1112 in Figure 11, the program detection results are as follows:

Service interface A is abnormal (serious)

Service interface B exception (minor)

Service interface C exception (critical)

Service interface D exception (minor)

Alternatively, the program detection results are as follows:

Abnormal service interface A (cross-border transmission of user information)

Service interface B exception (cross-border transmission)

Service interface C exception (cross-border transmission of user information)

Service interface D is abnormal (user information exists)

Through the above process, the program detection result of the application program X is obtained, and the program detection result can be displayed on the terminal device.

FIG. 12 is a schematic structural diagram of an electronic device provided by an embodiment of the present application. The electronic device may be the terminal device and the server in the foregoing embodiments. As shown in FIG. 12 , the electronic device 1200 may include: a processor 1201 (such as a CPU), a memory 1202 and a transceiver 1203 . The memory 1202 and the transceiver 1203 may be coupled to the processor 1201, and the processor 1201 controls the transceiver 1203 to perform the above-mentioned transceiving actions of the terminal device or the server, so as to realize the interaction between the terminal device and the server. The memory 1202 may include a high-speed random-access memory (random-access memory, RAM), and may also include a non-volatile memory (non-volatile memory, NVM), such as at least one disk memory, and various instructions may be stored in the memory 1202, It is used to complete various processing functions and realize the method steps of the present application. The transceiver 1203 may be integrated into the transceiver of the electronic device, or may be a transceiver antenna independently set on the electronic device. In the embodiment of the present application, the above-mentioned memory 1202 is used to store computer-executable program codes, and the program codes include instructions; when the processor 1201 executes the instructions, the instructions cause the processor 1201 of the electronic device to perform the actions in the above-mentioned method embodiments, which The implementation principles and technical effects are similar and will not be repeated here. Optionally, the electronic device 1200 involved in this application may further include: a power supply 1204 , a communication bus 1205 and a communication port 1206 . The communication bus 1205 is used to realize the communication connection between the components. The above-mentioned communication port 1206 is used to realize connection and communication between the electronic device and other peripheral devices.

In the above embodiments, all or part of them may be implemented by software, hardware, firmware or any combination thereof. When implemented using software, it may be implemented in whole or in part in the form of a computer program product. A computer program product includes one or more computer instructions. When the computer program instructions are loaded and executed on the computer, the processes or functions according to the embodiments of the present application will be generated in whole or in part. A computer can be a general purpose computer, special purpose computer, computer network, or other programmable device. Computer instructions may be stored in or transmitted from one computer-readable storage medium to another computer-readable storage medium, e.g. Coaxial cable, optical fiber, digital subscriber line (DSL)) or wireless (such as infrared, wireless, microwave, etc.) to another website site, computer, server or data center. The computer-readable storage medium may be any available medium that can be accessed by a computer, or a data storage device such as a server, a data center, etc. integrated with one or more available media. Available media may be magnetic media (eg, floppy disk, hard disk, magnetic tape), optical media (eg, DVD), or semiconductor media (eg, Solid State Disk (SSD)).

The term "plurality" herein means two or more. The term "and/or" in this article is just an association relationship describing associated objects, which means that there can be three relationships, for example, A and/or B can mean: A exists alone, A and B exist simultaneously, and there exists alone B these three situations. In addition, the character "/" in this paper generally indicates that the contextual objects are an "or" relationship; in the formula, the character "/" indicates that the contextual objects are a "division" relationship. In addition, it should be understood that in the description of this application, words such as "first" and "second" are only used for the purpose of distinguishing descriptions, and cannot be understood as indicating or implying relative importance, nor can they be understood as indicating or imply order.

It can be understood that the various numbers involved in the embodiments of the present application are only for convenience of description, and are not used to limit the scope of the embodiments of the present application. It can be understood that, in the embodiments of the present application, the sequence numbers of the above-mentioned processes do not mean the order of execution, and the order of execution of the processes should be determined by their functions and internal logic, and should not be used in the implementation of this application. The implementation of the examples constitutes no limitation.

Claims

A detection method for an application program, comprising:

During the running of the first application program to be detected, acquire M messages sent by the terminal device through the first application program, where M is an integer greater than or equal to 1;

Determine an identification result of each message, where the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether there is user information in the message;

Generate a program detection result corresponding to the first application program according to the identification results of the M messages.
The method according to claim 1, wherein the method is applied to a server; the first application program includes service interfaces corresponding to K geographical areas, and the server is provided with a service interface corresponding to each service interface proxy interface, the K is an integer greater than or equal to 1;

Obtain M messages sent by the terminal device through the first application program, including:

For each service interface, at least one message sent by the terminal device through the service interface is acquired through the proxy interface corresponding to the service interface.
The method according to claim 2, wherein said generating a program detection result corresponding to the first application program according to the identification results of the M messages includes:

For each service interface, determine an interface detection result corresponding to the service interface according to the identification result of the at least one message sent through the service interface;

According to the interface detection results corresponding to the K service interfaces, the program detection results corresponding to the first application program are generated, and the program detection results corresponding to the first application program include the interface detection results corresponding to the K service interfaces.
The method according to claim 3, wherein the determining the interface detection result corresponding to the service interface according to the identification result of the at least one message sent through the service interface includes:

If the identification result of each message in the at least one message indicates that the sending location and the receiving location of the message are located in the same geographical area, and there is no user information in the message, then determine that the interface detection A result indicates that the service interface is free of exceptions; or,

If the identification result of the first message in the at least one message indicates that the sending location and the receiving location of the message are not located in the same geographical area, and/or, there is user information in the message, then determine the The interface detection result indicates that the service interface is abnormal.
The method according to any one of claims 1 to 4, wherein the identification result of each message includes a first identification result, and the first identification result is used to indicate the sending location and receiving location of the message Whether it is located in the same geographical area; for any one of the M messages, determining the identification result of the message, including:

determining the geographical area to which the sending location of the message belongs, and the geographical area to which the receiving location of the message belongs;

If the geographic area to which the sending location belongs is the same as the geographic area to which the receiving location belongs, then determining that the first identification result of the message indicates that the sending location and the receiving location of the message are located in the same geographic area;

If the geographic area to which the sending location belongs is different from the geographic area to which the receiving location belongs, it is determined that the first identification result of the message indicates that the sending location and the receiving location of the message are not located in the same geographic area.
The method according to claim 5, wherein the first application program includes service interfaces corresponding to K geographical areas, and K is an integer greater than or equal to 1; determine the location to which the message is sent. Geographical area, and the geographical area to which the receiving location of the message belongs, including:

From the K service interfaces, determine the first service interface for sending the message;

Taking the geographical area corresponding to the first service interface as the geographical area to which the sending location of the message belongs;

Analyzing and processing the message to obtain the geographical area to which the receiving location of the message belongs.
The method according to claim 6, characterized in that, parsing and processing the message to obtain the geographical area to which the receiving location of the message belongs includes:

Analyzing from the message to obtain the Internet Protocol IP address corresponding to the receiving location of the message;

Acquiring a preset corresponding relationship, the preset corresponding relationship indicating the corresponding relationship between different IP addresses and different geographical regions;

Determining the geographical area corresponding to the IP address in the preset correspondence relationship as the geographical area to which the receiving location of the message belongs.
The method according to any one of claims 1 to 7, wherein the identification result of each message includes a second identification result, and the second identification result is used to indicate whether there is user information in the message; For any one of the M messages, determining the identification result of the message includes:

Analyzing the message to obtain the target data to be transmitted;

Decrypting the target data to obtain decrypted data;

Matching the decrypted data with the user information corresponding to the first application program to obtain a second identification result of the message.
The method according to claim 8, wherein the user information corresponding to the first application program includes at least one information item; matching the decrypted data with the user information corresponding to the first application program to obtain The second identification result of the message includes:

performing matching processing on each information item and the decrypted data respectively, to obtain a matching result of each information item;

If the matching result of the information item in the at least one information item is successful, then determine that the second identification result of the message indicates that user information exists in the message;

If the matching result of no information item in the at least one information item is successful, it is determined that the second identification result of the message indicates that there is no user information in the message.
The method according to any one of claims 1 to 9, wherein before acquiring the M messages sent by the terminal device through the first application program, further comprising:

Sending a control instruction to the terminal device, where the control instruction is used to control the first application program to start and run.
The method according to claim 10, wherein the sending a control instruction to the terminal device comprises:

receiving target information sent by the terminal device, where the target information includes resource information required for starting and running the first application program;

Send the control instruction to the terminal device according to the target information.
The method according to any one of claims 1 to 11, characterized in that, after generating the program detection result corresponding to the first application program according to the identification results of the M messages, further comprising:

display the program test results; or,

Send the program detection result.
The method according to any one of claims 1 to 12, wherein the geographical area is an area corresponding to a country.
A detection device for an application program, characterized in that it comprises:

An acquisition unit, configured to acquire M messages sent by the terminal device through the first application program during the running of the first application program to be detected, where M is an integer greater than or equal to 1;

A determining unit, configured to determine an identification result of each message, where the identification result of each message is used to indicate whether the sending location and the receiving location of the message are located in the same geographical area, and/or, whether User information exists;

A generating unit, configured to generate a program detection result corresponding to the first application program according to the identification results of the M messages.
An electronic device, characterized in that it comprises: a memory and a processor; the processor is used to be coupled with the memory, read and execute instructions in the memory, so as to realize any one of claims 1 to 13 Methods.
A computer-readable storage medium, wherein the computer-readable storage medium stores computer instructions, and when the computer instructions are executed, the method according to any one of claims 1 to 13 is implemented.
A computer program product, characterized in that the computer program product includes a computer program, and when the computer program is executed, the method according to any one of claims 1 to 13 is realized.
A program product, characterized in that the program product includes a computer program, the computer program is stored in a readable storage medium, and at least one processor of a communication device can read the computer program from the readable storage medium , the at least one processor executes the computer program so that the communication device implements the method according to any one of claims 1-13.