WO2024007096A1 - Privacy data protection method for android system - Google Patents


Info

Publication number: WO2024007096A1
Authority: WO, WIPO (PCT)
Prior art keywords: application, private data, privacy, domain, access
Application number: PCT/CN2022/103577
Other languages: French (fr), Chinese (zh)
Inventor: 王晓东
Original Assignee: 嘉兴尚坤科技有限公司
Application filed by 嘉兴尚坤科技有限公司
Priority to PCT/CN2022/103577 (WO2024007096A1)
Priority to CN202280018335.9A (CN116982044A)
Publication of WO2024007096A1

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules


Abstract

The present invention relates to a privacy data protection method for an Android system. The privacy data protection method is characterized by comprising the following steps: S1, setting a security domain, a trusted application domain and a suspicious application domain in an application layer of an Android system, wherein the security domain is used for storing privacy data, trusted application programs are run in the trusted application domain, and untrusted application programs are run in the suspicious application domain; and S2, configuring a monitoring module in the Android system for monitoring and capturing a privacy data request, which is sent by each application program in the Android system, and determining whether the application program is run in the trusted application domain or in the suspicious application domain; if the application program is run in the trusted application domain, executing steps S3-S5, and if the application program is run in the suspicious application domain, executing steps S6-S8. Compared with the prior art, the present invention has the advantages of effectively increasing the security of user's privacy data, preventing a malicious application program from stealing the privacy data, etc.

Description

A privacy data protection method for Android systems
Technical field
The present invention relates to the field of privacy data security, and in particular to a privacy data protection method for Android systems.
Background
With the rapid development of network technology, smart devices are no longer limited to providing users with services such as calls and text messages; they also provide application services with various functions such as location positioning and payment. While users enjoy these convenient services, they also face problems such as private data leakage. Taking the Android system as an example, some service applications apply for permission to access private data and obtain user private data for commercial purposes, for example by reading the user's call records, text message content, location information and so on. The current way to ensure the security of personal private data is to avoid browsing sensitive websites as far as possible and to install various anti-virus software, but this can only guarantee that the mobile phone system is safe to a certain extent.
At the same time, although Android has a relatively strict user permission management mechanism, breaking through the permission restrictions requires raising the system privilege to the highest level, that is, ROOT authorization. However, even if the security software obtains ROOT authorization, the following problems remain: there are many Android device manufacturers, each of which makes some modifications to the system itself, so the existing technical approaches may have compatibility problems, making ROOT authorization unstable on some models; ordinary users do not have the professional knowledge of ROOT authorization and cannot perform ROOT authorization on their smart devices; and while ROOT authorization opens higher privileges to security software, it also gives malicious programs an opportunity to exploit.
Summary of the invention
The purpose of the present invention is to provide a privacy data protection method for Android systems in order to overcome the shortcomings of the above-mentioned prior art.
The object of the present invention can be achieved through the following technical solution:
A privacy data protection method for Android systems, including the following steps:
S1: Set a security domain, a trusted application domain and a suspicious application domain in the application layer of the Android system. The security domain is used to store private data; trusted applications run in the trusted application domain, and untrusted applications run in the suspicious application domain;
S2: Configure a monitoring module in the Android system to monitor and capture the private data requests sent by each application in the Android system, and determine whether the application is running in the trusted application domain or in the suspicious application domain. If it is running in the trusted application domain, perform steps S3-S5; if it is running in the suspicious application domain, perform steps S6-S8;
S3: According to the access control policy of the security domain, send the private data request to the security domain to obtain the authorization selection for private data access;
S4: If the authorization selection result is "Allow", allow the application's current access to the private data and perform step S5; otherwise deny the application's current access to the private data;
S5: The corresponding application accesses the private data directly;
S6: The monitoring module intercepts the private data request and re-sends it to the security domain to obtain the authorization selection for private data access;
S7: If the authorization selection result is "Allow", send fake private data or real private data to the monitoring module according to the user's choice, and perform step S8; otherwise deny the application's current access to the private data;
S8: The monitoring module sends the received fake private data or real private data to the application that sent the private data request.
Further, a privacy policy execution module and a privacy policy management module are provided in the security domain to control applications' direct access to private data, and the privacy policy management module stores a privacy policy table.
Further, step S5 specifically includes:
S51: The package management service module in the Android system receives the private data request;
S52: The package management service module performs a permission check on the corresponding application according to the privacy policy table, determines the range of private data that the application's permissions allow it to access, and, according to the hook function set in the package management service module, sends the private data request to the privacy policy management module;
S53: The privacy policy management module determines the content of the private data that the application requests to access this time and determines whether that content is within the range of private data the application's permissions allow it to access. If so, it asks the user whether the application may obtain the private data it requests this time, and sends the query result to the privacy policy execution module;
S54: The privacy policy execution module receives the query result and sends it to the package management service module;
S55: The package management service module, according to the received query result, permits or denies the application's access to the requested private data.
Further, in step S2, configuring the monitoring module specifically includes:
obtaining a copy of the installation package of each application in the trusted application domain and the suspicious application domain, and parsing each application installation package copy to obtain the binary executable code file corresponding to each application;
modifying or replacing the binary executable code file and injecting a loading module, so as to configure each application installation package;
running each configured application installation package, starting the loading module to load the monitoring module, and hooking the monitoring module to the private data requests of each application.
Still further, the monitoring module monitoring and capturing the private data requests sent by each application in the Android system specifically includes:
using the monitoring module to obtain, from the hook plug-in framework of the background sandbox, the hook plug-in corresponding to the private data request of each application, and using the hook plug-in to capture the corresponding private data request.
Still further, the privacy policy table contains an application identifier hash value and a user-set access scope flag. After receiving a query request, the privacy policy management module extracts the application identifier from the request message and computes its hash, then uses the application identifier hash value in the privacy policy table to quickly look up the corresponding entry. The user-set access scope flag is used to record the range of private data that the user has configured the application to be allowed to access.
Compared with the prior art, the present invention has the following advantages:
The present invention sets a security domain, a trusted application domain and a suspicious application domain in the application layer of the Android system, with the security domain used to store private data; configures a monitoring module in the Android system to monitor and capture the private data requests sent by each application in the Android system and determine whether the application is running in the trusted application domain or in the suspicious application domain; and manages private data access by different methods according to that determination. For a trusted application, once the authorization selection result is "Allow", the corresponding application can access the private data directly. For an untrusted application, the monitoring module intercepts the private data request and re-sends it to the security domain; even after the authorization selection result is "Allow", fake private data or real private data is still sent according to the user's choice and relayed through the monitoring module to the application that sent the private data request. Trusted and untrusted applications are thus distinguished, and on top of controlling trusted applications' access to private data, control over untrusted applications obtaining private data is strengthened, which effectively protects users' private data.
Description of the drawings
Figure 1 is a schematic flow chart of the method of the present invention;
Figure 2 is a schematic flow chart of step S5 of the present invention.
Detailed description of embodiments
The present invention is described in detail below with reference to the accompanying drawings and specific embodiments. Obviously, the described embodiments are some, but not all, of the embodiments of the present invention. All other embodiments obtained by those of ordinary skill in the art on the basis of the embodiments of the present invention, without creative effort, fall within the scope of protection of the present invention.
As shown in Figures 1 and 2, the present invention provides a privacy data protection method for Android systems, which includes the following steps:
S1: Set up a security domain, a trusted application domain and a suspicious application domain in the application layer of the Android system. The security domain is used to store private data; trusted applications run in the trusted application domain, and untrusted applications run in the suspicious application domain. A privacy policy execution module and a privacy policy management module are set up in the security domain to control applications' direct access to private data, and the privacy policy table is stored in the privacy policy management module.
S2: Configure a monitoring module in the Android system to monitor and capture the private data requests sent by each application in the Android system, and determine whether the application is running in the trusted application domain or in the suspicious application domain. If it is running in the trusted application domain, perform steps S3-S5; if it is running in the suspicious application domain, perform steps S6-S8. Configuring the monitoring module specifically includes: obtaining a copy of the installation package of each application in the trusted application domain and the suspicious application domain, and parsing each copy to obtain the binary executable code file corresponding to each application; modifying or replacing the binary executable code file and injecting a loading module, so as to configure each application installation package; and running each configured application installation package, starting the loading module to load the monitoring module, and hooking the monitoring module to the private data requests of each application.
Setting up a security domain, a trusted application domain and a suspicious application domain in the application layer of the Android system, with the security domain used to store private data, and configuring a monitoring module in the Android system to monitor and capture the private data requests sent by each application and determine whether the application runs in the trusted application domain or in the suspicious application domain, so that private data access is managed by different methods according to the result, effectively distinguishes trusted applications from untrusted applications and effectively protects users' private data.
If the application is a trusted application, then once the authorization choice is "Allow" the corresponding application may access the private data directly. Direct access by trusted applications is nevertheless still subject to private-data access control, to improve the security of the private data:
S3: According to the access control policy of the security domain, the private data request is sent to the security domain to obtain the authorization choice for this private data access.
S4: If the authorization choice is "Allow", this access to the private data by the application is permitted and step S5 is executed; otherwise this access to the private data by the application is refused.
S5: The corresponding application accesses the private data directly, which specifically includes:
S51: The package management service module in the Android system receives the private data request;
S52: The package management service module performs a permission check on the corresponding application according to the privacy policy table, determines the range of private data that the application's permissions allow it to access, and sends the private data request to the privacy policy management module via the hook function set in the package management service module;
S53: The privacy policy management module determines the content of the private data that the application requests to access this time and determines whether that content falls within the range of private data that the application's permissions allow it to access; if so, it asks the user whether the application may obtain the private data it has requested this time, and sends the query result to the privacy policy execution module;
S54: The privacy policy execution module receives the query result and sends it to the package management service module;
S55: The package management service module, according to the received query result, grants or refuses the application access to the requested private data.
If the application is an untrusted application, the monitoring module intercepts the private data request and re-sends it to the security domain. Moreover, even after the authorization choice is "Allow", either fake private data or real private data still has to be sent according to the user's choice, and the application that sent the private data request receives it only by relay through the monitoring module, which strengthens control over untrusted applications obtaining private data:
S6: The monitoring module intercepts the private data request and re-sends it to the security domain to obtain the authorization choice for this private data access.
S7: If the authorization choice is "Allow", fake private data or real private data is sent to the monitoring module according to the user's choice and step S8 is executed; otherwise this access to the private data by the application is refused.
S8: The monitoring module sends the received fake private data or real private data to the application that sent the private data request.
Here, the monitoring module monitoring and capturing the private data requests sent by each application in the Android system specifically includes: the monitoring module obtains, from the hook plug-in framework of the background sandbox, the hook plug-in corresponding to each application's private data requests, and uses that hook plug-in to capture the corresponding private data requests. Specifically, the privacy policy table contains an application identifier hash value and a user-set access range flag. After receiving a query request, the privacy policy management module extracts the application identifier from the request message and computes its hash, then uses the application identifier hash value in the privacy policy table to look up the corresponding entry quickly; the user-set access range flag records the range of private data, set by the user, that the application is allowed to access.
The above are only specific embodiments of the present invention, but the protection scope of the present invention is not limited thereto. Any person skilled in the art can readily conceive of various equivalent modifications or substitutions within the technical scope disclosed by the present invention, and all such modifications or substitutions shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the scope of the claims.
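The access decision of steps S2 to S8 and the hash-keyed privacy policy table of the preceding paragraph, modelled as an added Python example that is not code from the patent or its applicant. The `Scope` flag encoding, the callbacks that stand in for the user dialogs, the package names and the sample real and fake data are all constructed assumptions; the example only shows how a trusted-domain request, an out-of-range request and a suspicious-domain request are routed to different outcomes.

```python
"""Model of the two-domain private-data access decision (steps S2-S8).

Added illustration, not code from the patent. Scope encoding, user-choice
callbacks, package names and sample data are constructed assumptions.
"""
import hashlib
from dataclasses import dataclass
from enum import Flag, auto
from typing import Callable, Dict, Optional, Tuple

TRUSTED_DOMAIN = "trusted"        # trusted application domain (S1)
SUSPICIOUS_DOMAIN = "suspicious"  # suspicious application domain (S1)


class Scope(Flag):
    """User-set access range flags kept in the privacy policy table (assumed encoding)."""
    NONE = 0
    CALL_LOG = auto()
    SMS = auto()
    LOCATION = auto()


# Constructed sample contents of the security domain: the real private data,
# and the fake substitute that may be handed to untrusted applications in S7.
REAL_DATA: Dict[str, object] = {
    "LOCATION": {"lat": 30.75, "lon": 120.76},
    "SMS": ["constructed sample message"],
    "CALL_LOG": ["+86-000-0000-0000"],
}
FAKE_DATA: Dict[str, object] = {
    "LOCATION": {"lat": 0.0, "lon": 0.0},
    "SMS": [],
    "CALL_LOG": [],
}


@dataclass(frozen=True)
class PrivacyRequest:
    app_id: str   # application identifier, e.g. the package name
    domain: str   # application domain the requester runs in
    item: str     # category of private data requested (a Scope member name)


def app_id_hash(app_id: str) -> str:
    """Hash of the application identifier; the policy table is keyed by it (claim 6)."""
    return hashlib.sha256(app_id.encode("utf-8")).hexdigest()


class PrivacyPolicyManager:
    """Privacy policy management module: owns the privacy policy table."""

    def __init__(self) -> None:
        self._table: Dict[str, Scope] = {}   # app identifier hash -> access range flags

    def set_scope(self, app_id: str, scope: Scope) -> None:
        self._table[app_id_hash(app_id)] = scope

    def in_scope(self, req: PrivacyRequest) -> bool:
        """S53: is the requested content within the range the user granted this app?"""
        granted = self._table.get(app_id_hash(req.app_id), Scope.NONE)
        return bool(granted & Scope[req.item])


UserChoice = Callable[[PrivacyRequest], bool]


class SecurityDomain:
    """Security domain: produces the authorization choice for a request (S3 / S6)."""

    def __init__(self, policy: PrivacyPolicyManager, user_allows: UserChoice) -> None:
        self._policy = policy
        self._user_allows = user_allows  # stands in for the per-request user prompt

    def authorize(self, req: PrivacyRequest) -> bool:
        # Out-of-range requests never reach the user; in-range ones need the user's consent.
        return self._policy.in_scope(req) and self._user_allows(req)


class MonitoringModule:
    """Monitoring module (S2): routes each captured request by its application domain."""

    def __init__(self, secdomain: SecurityDomain, user_sends_real: UserChoice) -> None:
        self._secdomain = secdomain
        self._user_sends_real = user_sends_real  # the user's fake-or-real choice in S7

    def handle(self, req: PrivacyRequest) -> Tuple[str, Optional[object]]:
        if not self._secdomain.authorize(req):     # S4 / S7 "deny" branch
            return ("deny", None)
        if req.domain == TRUSTED_DOMAIN:           # S5: direct access to the real data
            return ("allow-real", REAL_DATA[req.item])
        if self._user_sends_real(req):             # S7 / S8: relayed through the monitor
            return ("allow-real", REAL_DATA[req.item])
        return ("allow-fake", FAKE_DATA[req.item])


def demo() -> Dict[str, Tuple[str, Optional[object]]]:
    """Constructed scenario: one app per domain plus an app with no policy entry."""
    policy = PrivacyPolicyManager()
    policy.set_scope("com.example.bank", Scope.LOCATION | Scope.SMS)  # trusted domain
    policy.set_scope("com.example.flashlight", Scope.LOCATION)         # suspicious domain
    secdomain = SecurityDomain(policy, user_allows=lambda r: True)
    # The user chooses fake data for the flashlight app and real data for everything else.
    monitor = MonitoringModule(secdomain, user_sends_real=lambda r: r.app_id != "com.example.flashlight")
    return {
        "bank_location": monitor.handle(PrivacyRequest("com.example.bank", TRUSTED_DOMAIN, "LOCATION")),
        "bank_call_log": monitor.handle(PrivacyRequest("com.example.bank", TRUSTED_DOMAIN, "CALL_LOG")),
        "flashlight_location": monitor.handle(PrivacyRequest("com.example.flashlight", SUSPICIOUS_DOMAIN, "LOCATION")),
        "unknown_sms": monitor.handle(PrivacyRequest("com.example.unknown", SUSPICIOUS_DOMAIN, "SMS")),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

Two design points the model makes visible: an application with no entry in the policy table defaults to `Scope.NONE` and is refused before any user prompt, and the fake-or-real choice exists only on the suspicious-domain path, which is exactly the asymmetry between steps S5 and S7/S8.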

Claims (6)

  1. A privacy data protection method for an Android system, characterized in that it includes the following steps:
    S1: A security domain, a trusted application domain and a suspicious application domain are set up in the application layer of the Android system; the security domain is used to store private data, trusted applications run in the trusted application domain, and untrusted applications run in the suspicious application domain;
    S2: A monitoring module is configured in the Android system to monitor and capture the private data requests sent by each application in the Android system, and to determine whether the application runs in the trusted application domain or in the suspicious application domain; if it runs in the trusted application domain, steps S3 to S5 are executed, and if it runs in the suspicious application domain, steps S6 to S8 are executed;
    S3: According to the access control policy of the security domain, the private data request is sent to the security domain to obtain the authorization choice for the private data access;
    S4: If the authorization choice is "Allow", this access to the private data by the application is permitted and step S5 is executed; otherwise this access to the private data by the application is refused;
    S5: The corresponding application accesses the private data directly;
    S6: The monitoring module intercepts the private data request and re-sends it to the security domain to obtain the authorization choice for the private data access;
    S7: If the authorization choice is "Allow", fake private data or real private data is sent to the monitoring module according to the user's choice and step S8 is executed; otherwise this access to the private data by the application is refused;
    S8: The monitoring module sends the received fake private data or real private data to the application that sent the private data request.
  2. The privacy data protection method for an Android system according to claim 1, characterized in that a privacy policy execution module and a privacy policy management module are provided in the security domain to control direct access to private data by applications, and the privacy policy management module stores a privacy policy table.
  3. The privacy data protection method for an Android system according to claim 2, characterized in that step S5 specifically includes:
    S51: The package management service module in the Android system receives the private data request;
    S52: The package management service module performs a permission check on the corresponding application according to the privacy policy table, determines the range of private data that the application's permissions allow it to access, and sends the private data request to the privacy policy management module via the hook function set in the package management service module;
    S53: The privacy policy management module determines the content of the private data that the application requests to access this time and determines whether that content falls within the range of private data that the application's permissions allow it to access; if so, it asks the user whether the application may obtain the private data it has requested this time, and sends the query result to the privacy policy execution module;
    S54: The privacy policy execution module receives the query result and sends it to the package management service module;
    S55: The package management service module, according to the received query result, grants or refuses the application access to the requested private data.
  4. The privacy data protection method for an Android system according to claim 1, characterized in that, in step S2, configuring the monitoring module specifically includes:
    obtaining a copy of the installation package of each application in the trusted application domain and the suspicious application domain, and parsing each installation package copy to obtain the binary executable code file corresponding to each application;
    modifying or replacing the binary executable code file and injecting a loading module, so as to configure each application installation package;
    running each configured application installation package and starting the loading module to load the monitoring module, so that the monitoring module hooks the private data requests of each application.
  5. The privacy data protection method for an Android system according to claim 4, characterized in that the monitoring module monitoring and capturing the private data requests sent by each application in the Android system specifically includes:
    using the monitoring module to obtain, from the hook plug-in framework of the background sandbox, the hook plug-in corresponding to each application's private data requests, and using that hook plug-in to capture the corresponding private data requests.
  6. The privacy data protection method for an Android system according to claim 3, characterized in that the privacy policy table contains an application identifier hash value and a user-set access range flag; after receiving a query request, the privacy policy management module extracts the application identifier from the request message and computes its hash, then uses the application identifier hash value in the privacy policy table to look up the corresponding entry quickly; the user-set access range flag records the range of private data, set by the user, that the application is allowed to access.
Priority Applications (2)

Application Number Priority Date Filing Date Title
PCT/CN2022/103577 WO2024007096A1 (en) 2022-07-04 2022-07-04 Privacy data protection method for android system
CN202280018335.9A CN116982044A (en) 2022-07-04 2022-07-04 Privacy data protection method for android system

Publications (1)

Publication Number Publication Date
WO2024007096A1 true WO2024007096A1 (en) 2024-01-11

Country Status (2)

Country Link
CN (1) CN116982044A (en)
WO (1) WO2024007096A1 (en)

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7748026B1 (en) * 2005-03-30 2010-06-29 Sprint Communications Company L.P. Transparent interceptors for privacy policy implementation
CN104239814A (en) * 2014-09-17 2014-12-24 上海斐讯数据通信技术有限公司 Mobile office safety method and mobile office safety system
CN104683336A (en) * 2015-02-12 2015-06-03 中国科学院信息工程研究所 Security-region-based method and system for protecting Android private data
CN109167782A (en) * 2018-08-31 2019-01-08 国鼎网络空间安全技术有限公司 Private data guard method and system based on intelligent mobile terminal
CN110110544A (en) * 2019-03-25 2019-08-09 中国科学院信息工程研究所 Android intelligent terminal method for secret protection and device

Also Published As

Publication number Publication date
CN116982044A (en) 2023-10-31

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 202280018335.9

Country of ref document: CN

121 Ep: the epo has been informed by wipo that ep was designated in this application

Ref document number: 22949693

Country of ref document: EP

Kind code of ref document: A1