CN103761471A - Application program installation method and device based on intelligent terminal - Google Patents


Publication number
CN103761471A
Authority
CN
China
Prior art keywords
application program
authority
application
interface
authorization privilege
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201410060683.XA
Other languages
Chinese (zh)
Inventor
姚彤
丁祎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201410060683.XA priority Critical patent/CN103761471A/en
Publication of CN103761471A publication Critical patent/CN103761471A/en
Priority to US15/120,378 priority patent/US20170068810A1/en
Priority to PCT/CN2014/093595 priority patent/WO2015124017A1/en

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/554 Detecting local intrusion or implementing counter-measures involving event detection and direct action

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

The invention discloses a method and device for installing an application on an intelligent terminal. During installation, after it is detected that the application needs to read its configuration information file, an application authorization permission list interface set up for the application to be installed is loaded. This interface provides the means to modify the application's authorization permission list and contains one or more behavior permissions that the user selectively grants to the application to be installed. Modifications to the application authorization permission list are recorded, and after the application has been installed, its behavior permissions are updated according to the modification record. The method and device improve user security.

Description

Method and device for installing an application on an intelligent terminal
Technical field
The present invention relates to Android platform technology, and in particular to a method and device for installing an application on an intelligent terminal.
Background
The Android platform is an open-source, Linux-based mobile phone operating system platform consisting of the operating system, the user interface and applications, and it is completely open to third-party applications. Because of this openness, application developers have considerable freedom when developing applications. This has attracted many developers, who have developed and provided a large number of applications for the Android platform. An application's installation package is published in a format called APK (Android Package); installing the Android package makes the application runnable, so more and more applications can be hosted on the Android platform. As the most popular mobile operating system platform in the world, Android covers billions of mobile terminals and numerous applications.
The Android platform was designed from the outset with a secure access policy based on granting behavior permissions. When a user installs an application, if the application involves operations that affect user security, for example reading the user's private information or operations that may cause the user to lose money through charges, the user must authorize the application before it can perform them. For instance, if after installation the application needs to send SMS messages, access contact data, read memory card data or otherwise read the user's private information, or to use a network connection or perform other operations that increase the user's charges, it must request the corresponding behavior permissions from the user at install time. That is, during installation the mobile terminal shows the user the declared behavior permissions that require authorization, and the user decides whether to grant the application access to perform these security-related operations.
During installation, under the Android platform's secure access policy, the user can only grant an application's behavior permissions as a whole, and the intelligent terminal operating system grants them as a whole. Therefore, once the application's declared behavior permissions have been shown, the user either accepts all of them in order to continue installing the application, or cancels and exits the installation. For example, when a user installs the KC Internet telephony application, which needs behavior permissions related to user security information, the Android platform, following its permission-based secure access policy, shows on the mobile terminal's display the security-related behavior permissions that need user authorization, for example reading the mobile terminal state and ID, intercepting outgoing calls, directly calling phone numbers, editing SMS or MMS, sending text messages, recording audio, and precise GPS location information. If the user authorizes the KC Internet telephony application to perform all of these operations, installation continues when the user clicks the Next control on the display; after installation, the application is then entitled to obtain user security information such as the user's recordings and precise GPS location. If the user does not authorize all of these operations, the user can click the Cancel control on the display to exit the current installation of the KC Internet telephony application.
In recent years, malicious applications for the Android platform have increased sharply by exploiting the fact that the platform can only grant an application's behavior permissions as a whole. Among the behavior permissions it asks the user to grant, a malicious application adds several that affect user security, for example sending SMS messages, reading contacts, network access, recording audio and reading the user's precise GPS location, and bundles them with the behavior permissions required for its normal operation, while attracting installs with tempting names, functions and uses. When the mobile terminal's display shows the security-related behavior permissions that require authorization, the added permissions are placed where the user pays little attention, so that the user clicks the Next control and continues the installation. Once the malicious application is installed and run, the user has granted every behavior permission it requested, which exposes the user to significant risk, and the malicious application, through the user's own installation, achieves goals such as stealing private data and malicious fee deduction. Furthermore, even if the user has doubts about some of the behavior permissions the malicious application requests, there is no option other than abandoning the installation.
To reduce the risks that malicious applications bring to users, security applications exist for the Android platform that provide active defense and behavior permission management. By running a security application, the user can select which behavior permissions of each application to disable. That is, the security application can give the user super-administrator (root) privileges, with which the user can modify and update each application's behavior permissions, so that at run time the application no longer enjoys the behavior permissions the user granted during installation and the threat to user security is avoided in later use. However, this approach cannot protect the user in the period after the application is installed and before the user disables behavior permissions through the security application. While the application runs during this period, the user's security information may still be stolen or leaked, causing loss to the user and reducing user security. Furthermore, some applications do offer a good experience, but the user, worried that the application's behavior permissions may leak personal private information, ultimately chooses not to install it. This not only degrades the user's experience but also causes application developers great economic loss.
Summary of the invention
In view of the above problems, the present invention is proposed to provide a method and device for installing an application on an intelligent terminal that overcome the above problems or at least partially solve them.
According to one aspect of the present invention, a method for installing an application on an intelligent terminal is provided, the method comprising:
While the application is being installed, after it is detected that the application needs to read its configuration information file, loading the application authorization permission list interface set up for the application to be installed, the interface being one that provides for modifying the application authorization permission list and containing one or more behavior permissions that the user selectively grants to the application to be installed, and recording the modifications made to the application authorization permission list;
After the application has been installed, updating the application's behavior permissions according to the modification record of the application authorization permission list.
Preferably, loading the application authorization permission list interface set up for the application to be installed comprises:
Parsing the application file package used to install the application, and obtaining the application identifier in the package;
Querying a preset application authorization permission list library by the obtained application identifier, and obtaining the application authorization permission list corresponding to that identifier;
Loading the obtained application authorization permission list in the installation interface, generating the application authorization permission list interface.
Preferably, setting up the application authorization permission list library comprises:
For each application, during installation, after it is detected that the application reads its configuration information file, collecting the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file;
Generating the application authorization permission list from the behavior permissions that the user grants among the obtained behavior permissions of the application, and storing it in the application authorization permission list library.
Preferably, obtaining the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file comprises:
Obtaining the application file package from the application's official download site;
Parsing the configuration information file in the application file package to obtain the behavior permissions that the application needs to request from the intelligent terminal operating system.
Preferably, parsing the configuration information file in the application file package comprises:
Decompressing the application file for the intelligent terminal, obtaining from the decompressed files the encrypted configuration information file that holds the global variable description, decrypting it to obtain the original configuration information file, and scanning the behavior permission description section of the decrypted original configuration information file.
Preferably, the behavior permission description section of the decrypted original configuration information file is parsed with the Extensible Markup Language (XML) file parser in Java.
Preferably, each application corresponds to one application authorization permission list, multiple application authorization permission lists form the application authorization permission list library, and the granted behavior permissions contained in an application authorization permission list are a part of the behavior permissions granted by the intelligent terminal operating system.
Preferably, before the list is generated from the behavior permissions that the user grants among the obtained behavior permissions of the application, the method further comprises:
Displaying the obtained behavior permissions of the application.
Preferably, after the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file are obtained, the method further comprises:
Classifying the obtained behavior permissions of the application into privacy permissions, which the user is reminded to pay attention to, and other permissions, which are granted directly as the application requests.
Preferably, the method further comprises:
Dividing the privacy permissions into required permissions, which are necessary to run the application, and optional non-essential permissions, and displaying prompt information about the non-essential permissions to the user on the authorization settings interface.
Preferably, the method further comprises:
Using an isolation sandbox and/or static code analysis and/or automatic code feature scanning to verify the legitimacy and reasonableness of the required permissions that the application requests, so as to determine whether each of the required permissions is indispensable when the application runs; if it is not, removing that permission from the required permissions and showing it to the user as a non-essential permission.
Preferably, the method further comprises:
Running a preset security application to update the application's granted behavior permissions, so that in subsequent runs the application performs access according to the updated granted behavior permissions.
Preferably, the method further comprises:
After it is detected that the application is accessing an application programming interface that requires a behavior permission, the Android platform determines, according to the record in the application authorization permission list that the user set for the application, whether the behavior permission for accessing that interface is disabled. If it is disabled, the user is prompted through the human-machine interface to choose whether to modify it. If the user chooses to modify the behavior permission, the Android platform allows the application to access the application programming interface; otherwise, the Android platform notifies the application to abandon the access.
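The flow described above, from reading the requested permissions out of the configuration information file, through classification and the recorded user changes, to the run-time check, as an added example that is not code from the patent or from Android. It assumes the manifest has already been decoded to text XML; the sample manifest, the `PRIVACY_PERMISSIONS` policy set, the `AuthorizationList` class and the default of granting whatever the user does not disable are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample: a manifest already decoded from the APK's binary XML to text.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.voipdemo">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.RECORD_AUDIO"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="VoIP demo"/>
</manifest>"""

# Assumption: which permissions count as "privacy permissions" is a policy
# choice made for this example; the page does not enumerate them.
PRIVACY_PERMISSIONS = frozenset({
    "android.permission.SEND_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.RECORD_AUDIO",
    "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.READ_PHONE_STATE",
})


def parse_requested_permissions(manifest_xml):
    """Return (package, ordered unique permission names) from a decoded manifest."""
    # The manifest comes from an untrusted package: refuse DTDs so that
    # entity declarations never reach the XML parser.
    if "<!DOCTYPE" in manifest_xml or "<!ENTITY" in manifest_xml:
        raise ValueError("DTD/entity declarations are not allowed in a manifest")
    root = ET.fromstring(manifest_xml)
    if root.tag != "manifest" or not root.get("package"):
        raise ValueError("not an Android manifest")
    seen, ordered = set(), []
    for node in root.findall("uses-permission"):
        name = node.get(ANDROID_NS + "name")
        if name and name not in seen:      # skip malformed and duplicate entries
            seen.add(name)
            ordered.append(name)
    return root.get("package"), ordered


class AuthorizationList:
    """Requested permissions of one application plus the user's recorded changes."""

    def __init__(self, package, requested):
        self.package = package
        self.requested = list(requested)
        # Privacy permissions are offered to the user; the rest are granted directly.
        self.privacy = [p for p in requested if p in PRIVACY_PERMISSIONS]
        self.other = [p for p in requested if p not in PRIVACY_PERMISSIONS]
        self.changes = []                  # modification record, in order

    def record_change(self, permission, granted):
        if permission not in self.privacy:
            raise KeyError(f"{permission} is not selectable for {self.package}")
        self.changes.append((permission, bool(granted)))

    def effective(self):
        """Permissions in force once the modification record is applied after install."""
        state = {p: True for p in self.requested}
        for permission, granted in self.changes:
            state[permission] = granted
        return {p for p, ok in state.items() if ok}

    def check_access(self, permission, ask_user):
        """Run-time gate for an API call that needs `permission`."""
        if permission not in self.requested:
            return False                   # never requested, so nothing to re-enable
        if permission in self.effective():
            return True
        if ask_user(self.package, permission):   # user chooses to modify the setting
            self.record_change(permission, True)
            return True
        return False                       # the application is told to abandon the access


def demo():
    """Install-time choices on the constructed sample: the user disables SMS and GPS."""
    package, requested = parse_requested_permissions(SAMPLE_MANIFEST)
    auth = AuthorizationList(package, requested)
    auth.record_change("android.permission.SEND_SMS", False)
    auth.record_change("android.permission.ACCESS_FINE_LOCATION", False)
    return auth


if __name__ == "__main__":
    print(sorted(demo().effective()))
```

The `ask_user` callback stands in for the human-machine interface prompt; a denied prompt leaves the modification record unchanged, so the same access is refused again on the next call.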
Preferably, before the application is installed, the method further comprises:
Performing a security scan on the application file package corresponding to the application to be installed; if the package passes the security scan, carrying out the application installation procedure; otherwise, ending the procedure.
Preferably, the security scan includes, but is not limited to, Trojan horse scanning, advertising plug-in scanning and vulnerability scanning.
Preferably, the method further comprises:
Using the loaded application authorization permission list interface to replace the installation interface that the intelligent terminal operating system provides for the application during installation.
Preferably, loading the application authorization permission list interface set up for the application to be installed comprises:
Using a hook, redirecting the jump to the installation interface provided by the intelligent terminal operating system so that it points to the application authorization permission list interface, and, after the modification of the application authorization permission list is confirmed or completed, ending the redirection of the installation interface provided by the intelligent terminal operating system.
Preferably, the intelligent terminal operating system is the Android system.
Preferably, loading the application authorization permission list interface set up for the application to be installed comprises:
In the source code of the framework layer of the intelligent terminal's operating platform, finding the classes and interfaces at which hooks need to be inserted for the application's configuration information file, these being the classes and interfaces that involve user privacy permissions;
Analyzing and modifying the source code of those classes and interfaces so that, when the configuration information file is read, the hooked classes and interfaces point to the application authorization permission list set up in advance for the application to be installed;
Running a preset program code segment to load the application authorization permission list into the current installation interface, generating the application authorization permission list interface.
Preferably, before the application is installed, the method further comprises:
In the interface shown after the application's behavior permissions have been configured according to the granted behavior permissions contained in the loaded application authorization permission list interface, setting the target of the hooked classes and interfaces that correspond to the Next control, this target being the same as the target of the hooked classes and interfaces that correspond to the Next control shown after the application reads the configuration information file and its behavior permissions are configured.
Preferably, the configured behavior permissions of the application match what is displayed in the application authorization permission list interface.
Preferably, the configuration information file contains the behavior permissions that the intelligent terminal operating system grants to the application.
Preferably, the operating platform of the intelligent terminal includes, but is not limited to, the Android platform.
Preferably, the method further comprises:
Installing the application according to the hooked classes and interfaces provided by the intelligent terminal operating system, and, after the application is installed, not displaying on the installation interface the information indicating that the application has been installed;
After it is detected that the update of the behavior permissions granted to the application by the intelligent terminal operating system during installation is complete, displaying on the installation interface the information indicating that the application has been installed.
According to another aspect of the present invention, a device for installing an application on an intelligent terminal is provided, the device comprising a monitoring module, a loading module and a permission configuration module, wherein:
The monitoring module is configured to notify the loading module, during installation of an application, after detecting that the application needs to read its configuration information file;
The loading module is configured to load, according to the received notification, the application authorization permission list interface set up for the application to be installed, the interface being one that provides for modifying the application authorization permission list and containing one or more behavior permissions that the user selectively grants to the application to be installed, and to record the modifications made to the application authorization permission list;
The permission configuration module is configured to update the application's behavior permissions, after the application has been installed, according to the modification record of the application authorization permission list.
Preferably, the loading module comprises a parsing unit, a query unit and a loading unit, wherein:
The parsing unit is configured to parse the application file package used to install the application and obtain the application identifier in the package;
The query unit is configured to query a preset application authorization permission list library by the obtained application identifier and obtain the application authorization permission list corresponding to that identifier;
The loading unit is configured to load the obtained application authorization permission list in the installation interface, generating the application authorization permission list interface.
Preferably, the loading module further comprises:
A first classification unit, configured to classify the obtained behavior permissions of the application into privacy permissions, which the user is reminded to pay attention to, and other permissions, which are granted directly as the application requests.
Preferably, the loading module further comprises:
A second classification unit, configured to divide the privacy permissions into required permissions, which are necessary to run the application, and optional non-essential permissions, and to display prompt information about the non-essential permissions to the user on the authorization settings interface.
Preferably, the loading module further comprises:
A verification unit, configured to use an isolation sandbox and/or static code analysis and/or automatic code feature scanning to verify the legitimacy and reasonableness of the required permissions that the application requests, so as to determine whether each of the required permissions is indispensable when the application runs, and, if it is not, to remove that permission from the required permissions and show it to the user as a non-essential permission.
Preferably, the device further comprises:
A display module, configured to display the obtained behavior permissions of the application.
Preferably, the device further comprises:
A permission update module, configured to run a preset security application to update the application's granted behavior permissions, so that in subsequent runs the application performs access according to the updated granted behavior permissions.
Preferably, the device further comprises:
A security scan module, configured to perform a security scan on the application file package to be installed; if the package passes the security scan, the procedure for installing the application file package is carried out; otherwise, the procedure ends.
Preferably, the loading unit comprises a query subunit, a reconfiguration subunit and an interface generation subunit, wherein:
The query subunit is configured to find, in the source code of the framework layer of the intelligent terminal's operating platform, the classes and interfaces at which hooks need to be inserted for the application's configuration information file, these being the classes and interfaces that involve user privacy permissions;
The reconfiguration subunit is configured to analyze and modify the source code of those classes and interfaces so that, when the configuration information file is read, the hooked classes and interfaces point to the application authorization permission list set up in advance for the application to be installed;
The interface generation subunit is configured to run a preset program code segment to load the application authorization permission list into the current installation interface, generating the application authorization permission list interface.
With the method and device of the present invention for installing an application on an intelligent terminal, the permissions that may be granted to the application and the permissions that are forbidden can be reselected and determined through the installation of the application, thereby updating the behavior permissions that the intelligent terminal operating system grants to the application during installation. This solves the technical problem of preventing the application, after it is installed, from obtaining the user's authorization for sensitive permissions, with the application performing access after installation according to the authorization permissions that the user set in advance. It achieves the beneficial effect of both ensuring that the user can normally use the business functions the application provides and effectively safeguarding user security.
The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the specification, and so that the above and other objects, features and advantages of the invention become more apparent, specific embodiments of the invention are set out below.
Accompanying drawing explanation
By reading below detailed description of the preferred embodiment, various other advantage and benefits will become cheer and bright for those of ordinary skills.Accompanying drawing is only for the object of preferred implementation is shown, and do not think limitation of the present invention.And in whole accompanying drawing, by identical reference symbol, represent identical parts.In the accompanying drawings:
Fig. 1 shows the method flow of the embodiment of the present invention based on intelligent terminal set up applications; And,
Fig. 2 shows the apparatus structure of the embodiment of the present invention based on intelligent terminal set up applications.
Embodiment
Exemplary embodiment of the present disclosure is described below with reference to accompanying drawings in more detail.Although shown exemplary embodiment of the present disclosure in accompanying drawing, yet should be appreciated that and can realize the disclosure and the embodiment that should do not set forth limits here with various forms.On the contrary, it is in order more thoroughly to understand the disclosure that these embodiment are provided, and can by the scope of the present disclosure complete convey to those skilled in the art.
In existing methods of installing an application program on an intelligent terminal, behavior permissions can only be granted to the application as a whole, so the user cannot choose which behavior permissions to grant according to his or her own security needs. When an application is to be installed, the display interface of the mobile terminal shows the behavior permissions that require user authorization, and the user is forced to accept all of them in order to continue: by default, every behavior permission the application requests is treated as authorized, and the user proceeds by tapping the "next" control on the display interface. Once the application is installed and run, the user has granted all of its behavior permissions, which exposes the user to significant risk. The active defense and permission management functions provided by security applications cannot effectively remove the risk that arises while the application runs after installation but before the user has used the security application to forbid behavior permissions, which reduces user security.
In existing applications, the behavior permissions requested from the user and the application's configuration information are carried in the application's configuration information file. Because that file is signed by the application developer, the behavior permissions of the application cannot be changed by parsing the configuration information file and modifying it. The embodiment of the present invention proposes a method for installing an application on an intelligent terminal in which the behavior permissions of each application are obtained in advance and, after the application is installed, the user selectively authorizes the behavior permissions the application requests. The user can select among the requested behavior permissions according to the functions he or she needs from the application and his or her security considerations, generating an application authorization permission list. This list is used to update the behavior permissions that the intelligent terminal operating system granted to the application during installation, so that the generated list becomes the set of behavior permissions the application holds after installation. This ensures that the user can still use the service functions the application provides while effectively protecting user security.
Fig. 1 shows the flow of the method for installing an application on an intelligent terminal according to the embodiment of the present invention. Referring to Fig. 1, the flow comprises:
Step 101: during installation of the application, after detecting that the application needs to read its configuration information file, load the application authorization permission list interface set for the application to be installed. The application authorization permission list interface is an interface provided for modifying the application authorization permission list; it contains one or more behavior permissions that the user selectively authorizes for the application to be installed, and it records modifications to the application authorization permission list;
In this step, loading the application authorization permission list interface set for the application to be installed comprises:
A11: parse the application file package used to install the application, and obtain the application identifier in the application file package;
In this step, parsing the application file package yields the application identifier that uniquely identifies the application.
A12: according to the obtained application identifier, query the preset application authorization permission list library and obtain the application authorization permission list corresponding to that application identifier;
In this step, in the preset application authorization permission list library, some applications have a corresponding application authorization permission list, and each list is labelled with the application identifier. Each application authorization permission list stores the behavior permissions the user has authorized in advance for that application. If there is no entry corresponding to the behavior permissions of this application, no specific permission recommendation is given, but the user can still authorize or forbid all the permissions in the list.
In the embodiment of the present invention, the preset application authorization permission list library can be obtained as follows:
For each application, perform the following steps B11 and B12:
B11: during installation of the application, after detecting that the application needs to read its configuration information file, collect the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file;
In this step, before an application is installed, permissions need to be authorized for it in advance. As an optional embodiment, the application file package can be obtained from the application's official download site, or the application file package provided by a legitimate application provider can be obtained through other channels, for example from the application operator's website. That is, the application file package may be uploaded by the application developer, uploaded by the application operator, or be a legitimate application file package uploaded through another channel, as long as a legitimate application file package can be obtained. Obtaining the application file package through a legitimate channel ensures that the application's permissions are legitimate and reasonable, and avoids the case where an application file package that has been illegally modified by other means maliciously requests more behavior permissions that affect user security.
After the application file package is downloaded, parsing the configuration information file in the package yields the behavior permissions that the application needs to request from the intelligent terminal operating system.
In the embodiment of the present invention, on the Android platform the application file package is an APK file. Each APK file contains the application's binary code, resource information, configuration information file and so on. The configuration information file is the AndroidManifest.xml file in the APK file; every application must define and include it, and it describes the application's name, version, permissions, referenced library files and other information. In practice, parsing the configuration information file in the application file package comprises: decompressing the Android application file; obtaining from the decompressed application file the encrypted configuration information file that holds the global variable description, namely the AndroidManifest.xml file; decrypting the encrypted configuration information file to obtain the decrypted original configuration information file, AndroidManifest.xml; and scanning the permission description section of the AndroidManifest.xml file to obtain the list of behavior permissions the application requests. The behavior permissions in that list are the behavior permissions of the application.
The behavior permissions of an application are declared in the AndroidManifest.xml file in the following form:
File name: AndroidManifest.xml
<uses-permission android:name="permission name"/>
As an optional embodiment, the parsing described above can use an Extensible Markup Language (XML) document parser in Java to parse the permission description section of the AndroidManifest.xml file and obtain the application's behavior permission list. Other XML parsers can also be used, or an XML parser developed in another programming language such as C/C++ or Python, to parse the AndroidManifest.xml file and obtain the behavior permission list the application requests.
B12: according to the behavior permissions the user selects for authorization from the obtained behavior permissions of the application, generate the application authorization permission list and store it in the application authorization permission list library.
In this step, the user chooses from the behavior permissions of each application according to his or her own service needs and security considerations. As an optional embodiment, during installation, on the installation interface that corresponds to the application reading its configuration information file, the user authorizes permissions for each application; according to the authorized behavior permissions selected for each application, the intelligent terminal operating system generates the application authorization permission list for that application, that is, it records the behavior permissions the user selected and authorized on the installation interface for later loading. The configuration information file contains the behavior permissions for which the application requests authorization from the intelligent terminal operating system. Each application corresponds to one application authorization permission list, which is labelled with the application identifier. In the embodiment of the present invention, multiple application authorization permission lists form the application authorization permission list library. An application authorization permission list contains not only one or more behavior permissions that the user has authorized for the application but also one or more behavior permissions that the user has forbidden for the application, and is subsequently used to update the application's behavior permissions so that they match what the application authorization permission list interface displays. In other words, each behavior permission in the list has the attribute "authorized" or "forbidden", and the authorized behavior permissions in the list are a subset of the behavior permissions granted by the intelligent terminal operating system. If a requested behavior permission is in the list with the attribute "authorized", access under that permission is allowed; if it is in the list with the attribute "forbidden", access under that permission is refused.
As an optional embodiment, to make it easier for the user to select behavior permissions to authorize, before the user selects authorized permissions from the obtained behavior permissions of the application, the method may further comprise:
Displaying the obtained behavior permissions of the application.
In this step, an authorization setting interface (the application authorization permission list interface) can also be provided for the user. The behavior permissions of the application are displayed on the authorization setting interface, and the user selects which of the displayed behavior permissions to authorize. With a visual authorization setting interface, the user can conveniently select and authorize the behavior permissions required.
As another optional embodiment, to improve the user's understanding of the behavior permissions the application requests, the method may further comprise:
Classifying the obtained behavior permissions of the application.
In this step, for each application, the obtained behavior permissions can be classified into privacy permissions and other permissions. Privacy permissions involve the user's privacy, so the user needs to be reminded to pay close attention to them; other permissions can be authorized by the user according to the application's purpose without much concern.
In the embodiment of the present invention, privacy permissions include but are not limited to: sending short messages (android.permission.SEND_SMS), accessing the Internet (android.permission.INTERNET), reading short messages (android.permission.READ_SMS), writing short messages (android.permission.WRITE_SMS), reading contacts (android.permission.READ_CONTACTS), writing contacts (android.permission.WRITE_CONTACTS), making phone calls (android.permission.CALL_PHONE), writing system settings (android.permission.WRITE_SYNC_SETTINGS), reading location information, recording audio and reading recorded audio. Each privacy permission corresponds to functions; for example, for the permission to send short messages, the corresponding functions are SmsManager.sendTextMessage, SmsManager.sendDataMessage, SmsManager.sendMultipartTextMessage and so on.
Privacy permissions can be further divided into essential permissions and non-essential permissions. An essential permission is a behavior permission, authorized by the user, that the application must have in order to run; without it the application cannot run normally. If the user wants to install the application, all essential permissions the application requests must be authorized, otherwise it cannot be installed. A non-essential permission is a behavior permission for which the application requests user authorization but which is optional and does not affect the running of the application; if it is not authorized by the user, installation and running of the application are not affected. For example, essential permissions may include writing contacts, making phone calls and so on, and non-essential permissions may include reading location information, accessing the Internet, reading recorded audio and so on.
As an optional embodiment, for non-essential permissions, a hint about the non-essential permission is further displayed to the user on the authorization setting interface. The hint may be, for example, "non-essential permission, cancelling is recommended" or "this permission is optional; please authorize according to your own security policy". It advises the user, when authorizing non-essential permissions, to choose carefully which behavior permissions to grant the application, out of consideration for his or her own privacy and security.
As another optional embodiment, essential permissions can also be verified to determine whether every essential permission is really necessary when the application runs; that is, the legitimacy and reasonableness of the essential permissions the application requests are verified. Verification can use methods including an isolation sandbox and/or static code analysis and/or automatic code feature scanning, to determine whether each behavior permission among the essential permissions is indispensable when the application runs. If it is not, the behavior permission is removed from the essential permissions and shown to the user as a non-essential permission. Static code analysis can quickly and accurately find and locate security risks and vulnerabilities in the essential permissions of each application. The isolation sandbox uses virtual machine technology: a virtual machine clones one partition or all partitions of the hard disk on the Android platform to form a shadow, referred to as shadow mode. Shadow mode has the same architecture and functions as the Android platform system. The user can run applications in shadow mode, and any operation on them, such as modifying files or installing and testing various applications (including malicious applications and virus applications), is enclosed by the isolation sandbox. Interception of user privacy information by a malicious application is confined within the sandbox, and closing the sandbox makes the operations that harm the Android platform disappear. By monitoring an application's access to user data in the isolation sandbox, it can therefore be determined whether the application's essential permissions involve permission abuse, that is, whether the application has, for whatever purpose, requested from the user behavior permissions it should not request. If an application requests extra behavior permissions by way of essential permissions, user privacy information may be leaked, so the extra behavior permissions need to be removed from the essential permissions. For example, if a single-player game application requests the behavior permission to read the user's phone, that permission may be one that a single-player game application should not request; removing it improves the security of user privacy. Using methods such as an isolation sandbox, static code analysis and automatic code feature scanning to verify the legitimacy and reasonableness of the essential permissions an application requests is known technology, and a detailed description is omitted here.
In this way, classifying the behavior permissions of the application into privacy permissions and other permissions directs the user's attention to the privacy permissions involved, so that the user considers whether the application needs to be granted them, which protects user privacy. Further, dividing privacy permissions into essential and non-essential permissions lets the user, based on his or her own security policy, avoid authorizing non-essential permissions as far as possible, which improves privacy security. In addition, verifying the legitimacy and reasonableness of essential permissions allows behavior permissions that a malicious application additionally requests to be removed, protecting user security to the greatest extent.
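The manifest parsing of step B11 and the privacy/other classification described above can be sketched as follows. This is an added example, not code from the patent; it assumes the AndroidManifest.xml has already been decoded to plain-text XML, and the sample manifest, the package name com.example.dialer, the function names and the default of pre-setting non-essential privacy permissions to "forbidden" are assumptions of the example.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS

# Privacy permissions that the description names with an identifier.
PRIVACY_PERMISSIONS = frozenset({
    "android.permission.SEND_SMS",
    "android.permission.INTERNET",
    "android.permission.READ_SMS",
    "android.permission.WRITE_SMS",
    "android.permission.READ_CONTACTS",
    "android.permission.WRITE_CONTACTS",
    "android.permission.CALL_PHONE",
    "android.permission.WRITE_SYNC_SETTINGS",
})

# Constructed sample: decoded manifest of a hypothetical dialer application.
# SEND_SMS is declared twice on purpose to exercise de-duplication.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.dialer">
  <uses-permission android:name="android.permission.CALL_PHONE"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.VIBRATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <application android:label="Dialer"/>
</manifest>
"""


def parse_manifest(xml_text):
    """Return (package, [requested permissions]) from a decoded manifest."""
    # A manifest never needs a DTD; refusing one keeps entity-expansion
    # input away from the XML parser.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    package = root.get("package")
    if root.tag != "manifest" or not package:
        raise ValueError("not an Android manifest")
    permissions = []
    for element in root.findall("uses-permission"):
        name = (element.get(NAME_ATTR) or "").strip()
        if name and name not in permissions:  # keep order, drop duplicates
            permissions.append(name)
    return package, permissions


def classify(permissions, essential=()):
    """Split requested permissions into the groups the description uses.

    `essential` is app-specific input: the privacy permissions that were
    verified as indispensable for this application to run.
    """
    essential = set(essential)
    groups = {"privacy_essential": [], "privacy_non_essential": [], "other": []}
    for permission in permissions:
        if permission not in PRIVACY_PERMISSIONS:
            groups["other"].append(permission)
        elif permission in essential:
            groups["privacy_essential"].append(permission)
        else:
            groups["privacy_non_essential"].append(permission)
    return groups


def suggest_authorization_list(groups):
    """Build a starting list for the user to edit on the interface.

    Assumption of this example: non-essential privacy permissions start as
    "forbidden" (the "cancelling is recommended" hint); the rest start as
    "authorized".
    """
    suggestion = {}
    for permission in groups["privacy_essential"] + groups["other"]:
        suggestion[permission] = "authorized"
    for permission in groups["privacy_non_essential"]:
        suggestion[permission] = "forbidden"
    return suggestion


if __name__ == "__main__":
    package, requested = parse_manifest(SAMPLE_MANIFEST)
    groups = classify(requested, essential={"android.permission.CALL_PHONE"})
    print(package, len(requested), "permissions requested")
    for permission, attribute in suggest_authorization_list(groups).items():
        print("  %-40s %s" % (permission, attribute))
```
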
A13: load the obtained application authorization permission list on the installation interface to generate the application authorization permission list interface.
In this step, the loaded application authorization permission list interface replaces the installation interface that the intelligent terminal operating system provides for the application during installation. Loading the application authorization permission list interface set for the application to be installed comprises: using a hook, redirecting the jump to the installation interface provided by the intelligent terminal operating system so that it points to the application authorization permission list interface, and, after modification of the application authorization permission list is confirmed or completed, ending the redirection of the installation interface provided by the intelligent terminal operating system. Specifically, the classes and interfaces into which hooks need to be inserted when an application installation is executed can be located in the source code of the Android platform framework layer; these are the classes and interfaces that involve user privacy information. By analysing and modifying the source code of these classes and interfaces, the hooked classes and interfaces are made to point, when the configuration information file is read, to the application authorization permission list preset in the embodiment of the present invention rather than to the configuration information file in the application file package. A preset program code segment is run to load the application authorization permission list into the current installation interface and generate the application authorization permission list interface; after the application authorization permission list interface is completed, control points to the operation that follows reading of the application's configuration information file, so that the operation after completing the interface is the same as the existing operation after the application's configuration information file is read. In the interface shown after the application's behavior permissions have been configured according to the authorized behavior permissions contained in the loaded application authorization permission list interface, the "next" control is set to point to the corresponding classes and interfaces into which hooks are inserted; this target is the same as that of the "next" control shown after the application reads the configuration information file and its behavior permissions are configured. Modifying source code to implement the functions described in the embodiment of the present invention is known technology, and a detailed description is omitted here. In practice, the Android platform's original default application installer is replaced by modifying the source code, thereby implementing loading of the application authorization permission list of the embodiment of the present invention. Methods of replacing the Android platform's original installer include but are not limited to the following: the user selects the new installer as the Android platform's default installer; on a rooted mobile terminal, the Android platform's original application installation scheme can be replaced directly; and the Android platform's original application installation scheme can be replaced in the ROM of the mobile terminal.
Step 102: after installation of the application is complete, update the behavior permissions of the application according to the record of modifications to the application authorization permission list.
In this step, after the application installer has configured the application's behavior permissions according to the loaded application authorization permission list, the subsequent installation flow is known technology, and a detailed description is omitted here.
For example, in the embodiment of the present invention, the application authorization permission list interface shown to the user during installation can be displayed in rows, in the following order: "This application has 11 permissions. Install this application?" (first row); "3 privacy permissions (non-essential permissions, cancelling is recommended)" (second row); "Read location information" (third row, preceded by a checkbox control); "Send short messages" (fourth row, preceded by a checkbox control); "Make phone calls" (fifth row, preceded by a checkbox control); "8 other permissions" (sixth row); and so on. At the bottom of the interface, a Cancel control and an Install control are provided. After the application authorization permission list is loaded, the application can be installed according to the Android platform's overall authorization policy. The difference is that the application authorization permission list consists of the authorized and forbidden permissions the user set in advance for this application, rather than the permissions requested in the configuration information file carried in the application file package, so that the configured behavior permissions of the application match what the application authorization permission list interface displays.
As an optional embodiment, if the user later needs to adjust the application's authorized permissions, the method may further comprise:
Step 103: run a preset security application to update the application's authorized permissions, so that when the application subsequently runs it performs access according to the updated authorized permissions.
In this step, after the user has installed the application, if some functions of the application or the permissions granted to it need to be updated, the user can run the security application and, on the corresponding update interface of the security application, select the behavior permissions of each application to be disabled or authorized, thereby modifying the application's functions and authorized permissions. When the application runs again, access is governed by the functions and authorized permissions as modified by the user. For example, if an authorized permission has been disabled, the application no longer has that permission when it runs again.
In practice, when the application attempts to access an application programming interface (API) that requires a permission, the Android platform can also determine, according to the record in the application authorization permission list the user set for the application, whether the permission to access the API is disabled. If the permission to access the API is disabled, the user can be prompted through the human-machine interface to choose whether to modify it. If the user chooses to modify the permission, the Android platform allows the application to access the API; otherwise, the Android platform notifies the application to abandon the access.
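The per-application authorization list, its use in step 102 and the API access check described above can be modelled as follows. This is an added example, not code from the patent. The class and function names and the sample data are constructed, and two rules are assumptions of the example: a permission missing from the list is treated as forbidden, and a permission never declared in the manifest is refused without prompting.

```python
AUTHORIZED, FORBIDDEN = "authorized", "forbidden"

# Permission-guarded functions; only the ones the description names.
API_PERMISSION = {
    "SmsManager.sendTextMessage": "android.permission.SEND_SMS",
    "SmsManager.sendDataMessage": "android.permission.SEND_SMS",
    "SmsManager.sendMultipartTextMessage": "android.permission.SEND_SMS",
}


class AuthorizationListLibrary:
    """Authorization permission lists keyed by application identifier."""

    def __init__(self):
        self._lists = {}

    def store(self, app_id, decisions):
        for permission, attribute in decisions.items():
            if attribute not in (AUTHORIZED, FORBIDDEN):
                raise ValueError("bad attribute for %s: %r" % (permission, attribute))
        self._lists[app_id] = dict(decisions)

    def lookup(self, app_id):
        # A copy, so callers cannot edit the stored list by accident.
        # An unknown application yields an empty list (no recommendation).
        return dict(self._lists.get(app_id, {}))

    def set_attribute(self, app_id, permission, attribute):
        if attribute not in (AUTHORIZED, FORBIDDEN):
            raise ValueError("bad attribute: %r" % (attribute,))
        self._lists.setdefault(app_id, {})[permission] = attribute


def apply_after_install(requested, authorization_list):
    """Step 102: permissions the application holds once the list is applied.

    Only permissions the manifest requested can be held; anything not
    marked "authorized" in the list is dropped (example assumption).
    """
    return [p for p in requested if authorization_list.get(p) == AUTHORIZED]


def check_api_access(library, app_id, requested, api, ask_user):
    """Run-time check made when the application calls a guarded API.

    `ask_user(app_id, permission)` stands for the human-machine interface
    prompt and returns True when the user chooses to modify the permission.
    """
    permission = API_PERMISSION.get(api)
    if permission is None:
        return True                      # API is not guarded in this model
    if permission not in requested:
        return False                     # never declared: no prompt, no grant
    if library.lookup(app_id).get(permission) == AUTHORIZED:
        return True
    if ask_user(app_id, permission):     # user modifies the list
        library.set_attribute(app_id, permission, AUTHORIZED)
        return True
    return False                         # application must abandon the access


if __name__ == "__main__":
    app = "com.example.dialer"           # constructed application identifier
    requested = ["android.permission.SEND_SMS", "android.permission.VIBRATE"]
    library = AuthorizationListLibrary()
    library.store(app, {"android.permission.SEND_SMS": FORBIDDEN,
                        "android.permission.VIBRATE": AUTHORIZED})
    print(apply_after_install(requested, library.lookup(app)))
    print(check_api_access(library, app, requested,
                           "SmsManager.sendTextMessage", lambda a, p: False))
```
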
As another optional embodiment, before the application file package corresponding to the application is installed, a security scan can be performed on the application file package to be installed, to ensure its security and reduce the probability of installing a malicious application. The method then further comprises:
Performing a security scan on the application file package to be installed; if the package passes the security scan, the flow of installing the application file package is executed; otherwise, the flow ends.
In this step, a deep security scan is performed on the application file package before it is installed. The deep security scan includes but is not limited to Trojan and virus scanning, advertising plug-in scanning and vulnerability scanning. For example, for Trojan and virus scanning, the application file package can be matched against the features in a pre-stored malicious program library; when the package matches a feature in the malicious program library, the user is warned that the application file package is a malicious program and advised to forbid installation of the application. Performing a deep security scan on the application file package before installation identifies malicious applications and greatly reduces the probability that the user installs one by mistake.
In the embodiment of the present invention, as an optional embodiment, the application is installed according to the hooked classes and interfaces provided by the intelligent terminal operating system, that is, according to the existing installation flow. After the application has been installed, the third-party software for installing applications on an intelligent terminal provided by the embodiment of the present invention prevents the existing installation interface from showing the message indicating installation of the application and triggers loading of the application authorization permission list interface that the user set in advance for the application, so that the intelligent terminal operating system updates the behavior permissions it granted to the application during installation according to the authorized behavior permissions contained in the loaded interface. Then, after detecting that this update is complete, it triggers display of that message on the installation interface.
As described above, in the method for installing an application on the Android platform according to the embodiment of the present invention, after installing an application the user is prompted to select and confirm which of the application's behavior permissions may be authorized and which are forbidden. For sensitive behavior permissions, such as sending short messages or reading contacts, after installing the application the user can use the authorized behavior permissions contained in the application authorization permission list interface set in advance for the application to update the behavior permissions the intelligent terminal operating system granted during installation, and thus prevent the application from obtaining authorization for sensitive behavior permissions. Even if the user carelessly installs and runs a malicious application, because the user forbade the corresponding behavior permissions after installation, the loss from the security risk is kept to a minimum, and the security of the Android platform is effectively improved. Specifically, the embodiment of the present invention has a permission management mechanism before installation: before an application is installed, the user can select the behavior permissions to authorize for the application to be installed. It also has a permission management mechanism after installation: after an application is installed, the user is allowed to modify the behavior permissions granted to the installed application, and the modified authorized permissions are stored so that the application performs access according to the modified permissions when it runs.
Fig. 2 shows the structure of the device for installing an application on an intelligent terminal according to the embodiment of the present invention. Referring to Fig. 2, the device comprises a monitoring module, a loading module and a permission configuration module, wherein:
The monitoring module is configured to notify the loading module, during installation of the application, after detecting that the application needs to read its configuration information file;
In the embodiment of the present invention, after the application has been installed, the monitoring module prevents the existing installation interface from showing the message indicating installation of the application and notifies the loading module; after detecting that the update of the behavior permissions the intelligent terminal operating system granted to the application during installation is complete, it triggers display of that message on the installation interface.
As an optional embodiment, the monitoring module can be further configured so that, after detecting that the application accesses an application programming interface that requires a behavior permission, the Android platform determines, according to the record in the application authorization permission list the user set for the application, whether the permission to access the application programming interface is disabled. If it is disabled, the user is prompted through the human-machine interface to choose whether to modify it. If the user chooses to modify the permission, the Android platform allows the application to access the application programming interface; otherwise, the Android platform notifies the application to abandon the access.
The loading module is configured to load, according to the received notification, the application authorization permission list interface set for the application to be installed. The application authorization permission list interface is an interface provided for modifying the application authorization permission list; it contains one or more behavior permissions that the user selectively authorizes for the application to be installed, and it records modifications to the application authorization permission list;
The permission configuration module is configured to update, after installation of the application is complete, the behavior permissions of the application according to the record of modifications to the application authorization permission list.
In this embodiment of the invention, the loading module comprises a parsing unit, a query unit and a loading unit (not shown), wherein:
Parsing unit, configured to parse the application package file used to install the application and obtain the application identifier in the package;
In this embodiment of the invention, obtaining the behavior permissions of the application comprises: obtaining the application package file from the application's official download site; and parsing the configuration information file in the application package file to obtain the behavior permissions the application needs to request. Parsing the configuration information file in the application package file comprises: decompressing the intelligent-terminal application file; obtaining from the decompressed file the encrypted configuration information file that holds the global variable description; decrypting the encrypted configuration information file to obtain the decrypted original configuration information file; and scanning the permission description section of the decrypted original configuration information file with the Extensible Markup Language (XML) document parser in Java.
Query unit, configured to query a preset application authorization permission list library according to the obtained application identifier and obtain the application authorization permission list corresponding to that identifier;
In this embodiment of the invention, setting up the application authorization permission list library comprises: for each application, collecting the behavior permissions of the application; and generating, from the behavior permissions the user selects and grants among those obtained, the application authorization permission list stored in the library. Each application corresponds to one application authorization permission list, and a plurality of application authorization permission lists form the application authorization permission list library.
Loading unit, configured to load the obtained application authorization permission list in the installation interface and generate the application authorization permission list interface.
Preferably, the loading module may further comprise:
First classification unit, configured to classify the obtained behavior permissions of the application into privacy permissions, to which the user's attention is drawn, and other permissions, which are granted directly as the application requests.
In practical applications, the loading module may further comprise:
Second classification unit, configured to divide the privacy permissions into required permissions, which are necessary to run the application, and non-essential permissions, which are optional for running it, and to display the non-essential permissions to the user in the authorization settings interface.
As an optional embodiment, the loading module may further comprise:
Verification unit, configured to verify the legitimacy and reasonableness of the required permissions the application requests, using an isolation sandbox and/or static code analysis and/or automated code signature scanning, in order to determine whether each behavior permission among the required permissions is indispensable when the application runs; if it is not, the behavior permission is removed from the required permissions and shown to the user as a non-essential permission.
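The following is an added illustration, not code from the patent or from its applicants, of the data flow described above: permissions are read from a configuration information file, classified, stored in a list keyed by application identifier, modified by the user during installation, and consulted at run time. It assumes an already decoded AndroidManifest.xml as the configuration information file; the sample manifest, the `PRIVACY_PERMISSIONS` set, the default of leaving non-essential permissions disabled, and all function and class names are hypothetical.

```python
import xml.etree.ElementTree as ET

ANDROID_NAME = "{http://schemas.android.com/apk/res/android}name"

# Constructed sample: the decoded configuration information file
# (AndroidManifest.xml) of a hypothetical application.
SAMPLE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
"""

# Assumption: which permissions count as privacy permissions is a policy
# choice; the page does not enumerate them.
PRIVACY_PERMISSIONS = {
    "android.permission.CAMERA",
    "android.permission.READ_CONTACTS",
    "android.permission.SEND_SMS",
}


def parse_manifest(xml_text):
    """Return (application identifier, requested permissions, deduplicated)."""
    # The package is untrusted input: refuse DTD and entity declarations.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    app_id = root.get("package")
    if root.tag != "manifest" or not app_id:
        raise ValueError("not a manifest or no application identifier")
    permissions = []
    for node in root.iter("uses-permission"):
        name = node.get(ANDROID_NAME)
        if name and name not in permissions:
            permissions.append(name)
    return app_id, permissions


def build_authorization_list(permissions, required=()):
    """Classify each permission and set its default grant state."""
    entries = {}
    for perm in permissions:
        if perm not in PRIVACY_PERMISSIONS:
            category = "other"            # granted directly as requested
        elif perm in required:
            category = "required"         # privacy, needed to run the app
        else:
            category = "non-essential"    # privacy, left to the user
        # Assumption: non-essential privacy permissions start disabled.
        entries[perm] = {"category": category,
                         "granted": category != "non-essential"}
    return entries


class AuthorizationLibrary:
    """Authorization permission lists keyed by application identifier."""

    def __init__(self):
        self.lists = {}
        self.modifications = []   # recorded while the list interface is shown

    def register(self, app_id, entries):
        self.lists[app_id] = entries

    def record_modification(self, app_id, perm, granted):
        if perm not in self.lists.get(app_id, {}):
            raise KeyError(f"{perm} was not requested by {app_id}")
        self.modifications.append((app_id, perm, granted))

    def apply_modifications(self):
        """After installation completes, update permissions from the record."""
        for app_id, perm, granted in self.modifications:
            self.lists[app_id][perm]["granted"] = granted
        self.modifications.clear()

    def check_access(self, app_id, perm, user_agrees_to_modify):
        """Decide an access to an interface that requires `perm`."""
        entry = self.lists.get(app_id, {}).get(perm)
        if entry is None:
            return False      # assumption: undeclared permission, no prompt
        if entry["granted"]:
            return True
        if user_agrees_to_modify(app_id, perm):   # prompt the user
            entry["granted"] = True
            return True
        return False          # the application is told to abandon the access


if __name__ == "__main__":
    app, perms = parse_manifest(SAMPLE_MANIFEST)
    lib = AuthorizationLibrary()
    lib.register(app, build_authorization_list(
        perms, required={"android.permission.CAMERA"}))
    lib.record_modification(app, "android.permission.READ_CONTACTS", True)
    lib.apply_modifications()
    for perm, entry in lib.lists[app].items():
        print(perm, entry)
```

The modification record is applied only in `apply_modifications`, mirroring the description's update after installation completes, and a disabled permission becomes granted at run time only through the user prompt.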
As an optional embodiment, the loading unit comprises a query subunit, a reconfiguration subunit and an interface generation subunit, wherein:
Query subunit, configured to find, in the source code of the framework layer of the intelligent terminal operating platform, the classes and interfaces in the application's configuration information file into which a hook needs to be inserted, these classes and interfaces being the ones that relate to user privacy permissions;
Reconfiguration subunit, configured to analyze and modify the source code of those classes and interfaces so that the hooked classes and interfaces, when the configuration information file is read, point to the application authorization permission list set in advance for the application to be installed;
Interface generation subunit, configured to run a preset program code segment that loads the application authorization permission list into the current installation interface, generating the application authorization permission list interface.
As an optional embodiment, the device may further comprise:
Display module, configured to display the obtained behavior permissions of the application.
As another optional embodiment, the device may further comprise:
Permission update module, configured to run a preset security application that updates the authorized behavior permissions of the application, so that in subsequent runs the application performs accesses according to the updated authorized behavior permissions.
As yet another optional embodiment, the device may further comprise:
Security scanning module, configured to perform a security scan on the application package file to be installed; if the package passes the security scan, the flow of installing the application package file is carried out; otherwise the flow ends.
In this embodiment of the invention, the security scan includes, but is not limited to, Trojan virus scanning, advertising plug-in scanning and vulnerability scanning.
The algorithms and displays provided herein are not inherently related to any particular computer, virtual system or other apparatus. Various general-purpose systems may also be used with the teachings herein. From the description above, the structure required to construct such systems is apparent. Moreover, the invention is not directed at any particular programming language. It should be understood that the content of the invention described here may be implemented in a variety of programming languages, and that the description of a specific language above is given to disclose the best mode of the invention.
Numerous specific details are set forth in the description provided here. It will be understood, however, that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques are not shown in detail so as not to obscure the understanding of this description.
Similarly, it should be understood that, to streamline the disclosure and aid understanding of one or more of the inventive aspects, features of the invention are sometimes grouped together in a single embodiment, figure or description thereof in the above description of exemplary embodiments. However, this method of disclosure should not be construed as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single embodiment disclosed above. The claims following the detailed description are therefore expressly incorporated into the detailed description, with each claim standing on its own as a separate embodiment of the invention.
Those skilled in the art will appreciate that the modules in a device of an embodiment may be changed adaptively and arranged in one or more devices different from that embodiment. The modules, units or components of an embodiment may be combined into one module, unit or component, and may furthermore be divided into a plurality of sub-modules, sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.
Furthermore, those skilled in the art will understand that although some embodiments described herein include some features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.
The component embodiments of the invention may be implemented in hardware, in software modules running on one or more processors, or in a combination of the two. Those skilled in the art will understand that a microprocessor or digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the device for installing an application on an intelligent terminal according to the embodiments of the invention. The invention may also be implemented as equipment or device programs (for example, computer programs and computer program products) for performing part or all of the method described herein. Such programs implementing the invention may be stored on a computer-readable medium or may take the form of one or more signals. Such signals may be downloaded from an Internet website, provided on a carrier signal, or provided in any other form.
It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art may design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention may be implemented by means of hardware comprising several distinct elements and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means may be embodied by one and the same item of hardware. The use of the words first, second, third and so on does not denote any order; these words may be interpreted as names.
The invention discloses: A1. A method for installing an application on an intelligent terminal, comprising:
During application installation, after detecting that the application needs to read the configuration information file, loading the application authorization permission list interface set for the application to be installed, and recording modifications to the application authorization permission list, wherein the application authorization permission list interface is an interface provided for modifying the application authorization permission list and contains one or more behavior permissions that the user selectively grants to the application to be installed;
After the application has been installed, updating the behavior permissions of the application according to the recorded modifications to the application authorization permission list.
A2. The method according to A1, wherein loading the application authorization permission list interface set for the application to be installed comprises:
Parsing the application package file used to install the application to obtain the application identifier in the package;
Querying a preset application authorization permission list library according to the obtained application identifier to obtain the application authorization permission list corresponding to that identifier;
Loading the obtained application authorization permission list in the installation interface to generate the application authorization permission list interface.
A3. The method according to A2, wherein setting up the application authorization permission list library comprises:
For each application, after detecting during application installation that the application reads the configuration information file, collecting the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file;
Generating, from the behavior permissions the user grants among the obtained behavior permissions of the application, the application authorization permission list stored in the application authorization permission list library.
A4. The method according to A3, wherein obtaining the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file comprises:
Obtaining the application package file from the application's official download site;
Parsing the configuration information file in the application package file to obtain the behavior permissions the application needs to request from the intelligent terminal operating system.
A5. The method according to A4, wherein parsing the configuration information file in the application package file comprises:
Decompressing the intelligent-terminal application file, obtaining from the decompressed file the encrypted configuration information file that holds the global variable description, decrypting the encrypted configuration information file to obtain the decrypted original configuration information file, and scanning the behavior permission description section of the decrypted original configuration information file.
A6. The method according to A5, wherein the behavior permission description section of the decrypted original configuration information file is parsed using the Extensible Markup Language (XML) document parser in Java.
A7. The method according to A1, wherein each application corresponds to one application authorization permission list, a plurality of application authorization permission lists form the application authorization permission list library, and the authorized behavior permissions contained in an application authorization permission list are a part of the behavior permissions granted by the intelligent terminal operating system.
A8. The method according to A3, wherein, before the behavior permissions the user grants are taken from the obtained behavior permissions of the application, the method further comprises:
Displaying the obtained behavior permissions of the application.
A9. The method according to A3, wherein, after obtaining the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file, the method further comprises:
Classifying the obtained behavior permissions of the application into privacy permissions, to which the user's attention is drawn, and other permissions, which are granted directly as the application requests.
A10. The method according to A9, wherein the method further comprises:
Dividing the privacy permissions into required permissions, which are necessary to run the application, and non-essential permissions, which are optional for running it, and displaying the non-essential permissions to the user in the authorization settings interface.
A11. The method according to A10, wherein the method further comprises:
Verifying the legitimacy and reasonableness of the required permissions the application requests, using an isolation sandbox and/or static code analysis and/or automated code signature scanning, in order to determine whether each permission among the required permissions is indispensable when the application runs; if it is not, removing the permission from the required permissions and showing it to the user as a non-essential permission.
A12. The method according to A1, wherein the method further comprises:
Running a preset security application that updates the authorized behavior permissions of the application, so that in subsequent runs the application performs accesses according to the updated authorized behavior permissions.
A13. The method according to A1, wherein the method further comprises:
After detecting that the application accesses an application programming interface that requires a behavior permission, the Android platform determines, from the record in the application authorization permission list the user set for the application, whether the behavior permission for accessing the application programming interface is disabled; if it is disabled, the user is prompted through a human-machine interface to choose whether to modify it; if the user chooses to modify the behavior permission, the Android platform allows the application to access the application programming interface; otherwise the Android platform notifies the application to abandon the access.
A14. The method according to A1, wherein, before the application is installed, the method further comprises:
Performing a security scan on the application package file corresponding to the application to be installed; if the package passes the security scan, carrying out the application installation flow; otherwise ending the flow.
A15. The method according to A14, wherein the security scan includes, but is not limited to, Trojan virus scanning, advertising plug-in scanning and vulnerability scanning.
A16. The method according to A1, further comprising:
Replacing the installation interface provided for the application by the intelligent terminal operating system during installation with the loaded application authorization permission list interface.
A17. The method according to A1, wherein loading the application authorization permission list interface set for the application to be installed comprises:
Using a hook, redirecting the installation interface provided by the intelligent terminal operating system to the application authorization permission list interface, and, after modification of the application authorization permission list has been confirmed or completed, ending the redirection of the installation interface provided by the intelligent terminal operating system.
A18. The method according to A1, wherein the intelligent terminal operating system is the Android system.
A19. The method according to A1, wherein loading the application authorization permission list interface set for the application to be installed comprises:
Finding, in the source code of the framework layer of the intelligent terminal operating platform, the classes and interfaces in the application's configuration information file into which a hook needs to be inserted, these classes and interfaces being the ones that relate to user privacy permissions;
Analyzing and modifying the source code of those classes and interfaces so that the hooked classes and interfaces, when the configuration information file is read, point to the application authorization permission list set in advance for the application to be installed;
Running a preset program code segment that loads the application authorization permission list into the current installation interface, generating the application authorization permission list interface.
A20. The method according to A1, wherein, before the application is installed, the method further comprises:
In the interface shown after the behavior permissions of the application have been configured according to the authorized behavior permissions contained in the loaded application authorization permission list interface, setting the target of the hooked class and interface that correspond to the next-step control, that target being the same as the target of the hooked class and interface that correspond to the next-step control shown after the application reads the configuration information file to configure its behavior permissions.
A21. The method according to A1, wherein the configured behavior permissions of the application are consistent with what the application authorization permission list interface displays.
A22. The method according to A1, wherein the configuration information file contains the behavior permissions that the intelligent terminal operating system grants to the application.
A23. The method according to A1, wherein the operating platform of the intelligent terminal includes, but is not limited to, the Android platform.
A24. The method according to A1, wherein the method further comprises:
Installing the application according to the hooked classes and interfaces provided by the intelligent terminal operating system and, after the application has been installed, not displaying in the installation interface the message indicating that the application has been installed;
After detecting that the update of the behavior permissions granted to the application by the intelligent terminal operating system during installation is complete, displaying in the installation interface the message indicating that the application has been installed.
A25. A device for installing an application on an intelligent terminal, comprising a monitoring module, a loading module and a permission configuration module, wherein:
Monitoring module, configured to notify the loading module once it detects, during application installation, that the application needs to read the configuration information file;
Loading module, configured to load, according to the notification received, the application authorization permission list interface set for the application to be installed, and to record modifications to the application authorization permission list, wherein the application authorization permission list interface is an interface provided for modifying the application authorization permission list and contains one or more behavior permissions that the user selectively grants to the application to be installed;
Permission configuration module, configured to update the behavior permissions of the application, after the application has been installed, according to the recorded modifications to the application authorization permission list.
A26. The device according to A25, wherein the loading module comprises a parsing unit, a query unit and a loading unit, wherein:
Parsing unit, configured to parse the application package file used to install the application and obtain the application identifier in the package;
Query unit, configured to query a preset application authorization permission list library according to the obtained application identifier and obtain the application authorization permission list corresponding to that identifier;
Loading unit, configured to load the obtained application authorization permission list in the installation interface and generate the application authorization permission list interface.
A27. The device according to A26, wherein the loading module further comprises:
First classification unit, configured to classify the obtained behavior permissions of the application into privacy permissions, to which the user's attention is drawn, and other permissions, which are granted directly as the application requests.
A28. The device according to A27, wherein the loading module further comprises:
Second classification unit, configured to divide the privacy permissions into required permissions, which are necessary to run the application, and non-essential permissions, which are optional for running it, and to display the non-essential permissions to the user in the authorization settings interface.
A29. The device according to A27, wherein the loading module further comprises:
Verification unit, configured to verify the legitimacy and reasonableness of the required permissions the application requests, using an isolation sandbox and/or static code analysis and/or automated code signature scanning, in order to determine whether each permission among the required permissions is indispensable when the application runs; if it is not, the permission is removed from the required permissions and shown to the user as a non-essential permission.
A30. The device according to A25, further comprising:
Display module, configured to display the obtained behavior permissions of the application.
A31. The device according to A25, further comprising:
Permission update module, configured to run a preset security application that updates the authorized behavior permissions of the application, so that in subsequent runs the application performs accesses according to the updated authorized behavior permissions.
A32. The device according to A25, further comprising:
Security scanning module, configured to perform a security scan on the application package file to be installed; if the package passes the security scan, the flow of installing the application package file is carried out; otherwise the flow ends.
A33. The device according to A26, wherein the loading unit comprises a query subunit, a reconfiguration subunit and an interface generation subunit, wherein:
Query subunit, configured to find, in the source code of the framework layer of the intelligent terminal operating platform, the classes and interfaces in the application's configuration information file into which a hook needs to be inserted, these classes and interfaces being the ones that relate to user privacy permissions;
Reconfiguration subunit, configured to analyze and modify the source code of those classes and interfaces so that the hooked classes and interfaces, when the configuration information file is read, point to the application authorization permission list set in advance for the application to be installed;
Interface generation subunit, configured to run a preset program code segment that loads the application authorization permission list into the current installation interface, generating the application authorization permission list interface.

Claims (10)

1. A method for installing an application on an intelligent terminal, comprising:
During application installation, after detecting that the application needs to read the configuration information file, loading the application authorization permission list interface set for the application to be installed, and recording modifications to the application authorization permission list, wherein the application authorization permission list interface is an interface provided for modifying the application authorization permission list and contains one or more behavior permissions that the user selectively grants to the application to be installed;
After the application has been installed, updating the behavior permissions of the application according to the recorded modifications to the application authorization permission list.
2. The method of claim 1, wherein loading the application authorization permission list interface set for the application to be installed comprises:
Parsing the application package file used to install the application to obtain the application identifier in the package;
Querying a preset application authorization permission list library according to the obtained application identifier to obtain the application authorization permission list corresponding to that identifier;
Loading the obtained application authorization permission list in the installation interface to generate the application authorization permission list interface.
3. The method of claim 2, wherein setting up the application authorization permission list library comprises:
For each application, after detecting during application installation that the application reads the configuration information file, collecting the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file;
Generating, from the behavior permissions the user grants among the obtained behavior permissions of the application, the application authorization permission list stored in the application authorization permission list library.
4. The method of claim 3, wherein obtaining the behavior permissions that the application requests from the intelligent terminal operating system in the configuration information file comprises:
Obtaining the application package file from the application's official download site;
Parsing the configuration information file in the application package file to obtain the behavior permissions the application needs to request from the intelligent terminal operating system.
5. The method of claim 1, further comprising:
Replacing the installation interface provided for the application by the intelligent terminal operating system during installation with the loaded application authorization permission list interface.
6. The method of claim 1, wherein loading the application authorization permission list interface set for the application to be installed comprises:
Using a hook, redirecting the installation interface provided by the intelligent terminal operating system to the application authorization permission list interface, and, after modification of the application authorization permission list has been confirmed or completed, ending the redirection of the installation interface provided by the intelligent terminal operating system.
7. The method of claim 1, wherein the intelligent terminal operating system is the Android system.
8. The method of claim 1, wherein loading the application authorization permission list interface set for the application to be installed comprises:
Finding, in the source code of the framework layer of the intelligent terminal operating platform, the classes and interfaces in the application's configuration information file into which a hook needs to be inserted, these classes and interfaces being the ones that relate to user privacy permissions;
Analyzing and modifying the source code of those classes and interfaces so that the hooked classes and interfaces, when the configuration information file is read, point to the application authorization permission list set in advance for the application to be installed;
Running a preset program code segment that loads the application authorization permission list into the current installation interface, generating the application authorization permission list interface.
9. A device for installing an application program based on an intelligent terminal, characterized in that the device comprises a monitoring module, a loading module and an authority configuration module, wherein:
The monitoring module is configured to notify the loading module after detecting, during installation of the application program, that the application program needs to read the configuration information file;
The loading module is configured to load, according to the received notice, the application program authorization privilege list interface set for the application program to be installed, and to record modifications to the application program authorization privilege list, wherein the application program authorization privilege list interface is an interface provided for modifying the application program authorization privilege list and includes one or more behavior authorities that the user selectively authorizes for the application program to be installed;
The authority configuration module is configured to update, after installation of the application program is complete, the behavior authority of the application program according to the modification record of the application program authorization privilege list.
10. The device as claimed in claim 9, characterized in that the loading module comprises a parsing unit, a query unit and a loading unit, wherein:
The parsing unit is configured to parse the application file package of the application program being installed and obtain the application program identification in the application file package;
The query unit is configured to query, according to the obtained application program identification, the application program authorization privilege list storehouse set in advance and obtain the application program authorization privilege list corresponding to that application program identification;
The loading unit is configured to load the obtained application program authorization privilege list in the installation interface, generating the application program authorization privilege list interface.
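The data flow recited in claims 4, 9 and 10, as an added Python example that is not part of the patent text: parse the configuration file, look up the preset list by application identification, record the user's modifications, and compute the authority applied after installation. The manifest, the list storehouse contents and all function names are constructed for illustration, and treating a permission missing from the stored list as not authorized is this example's assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sample manifest in plain-text form (real APKs store binary XML).
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.flashlight">
  <uses-permission android:name="android.permission.CAMERA"/>
  <uses-permission android:name="android.permission.READ_CONTACTS"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
</manifest>"""

# Hypothetical preset storehouse: app identification -> {permission: authorized}
PRIVILEGE_LIST_STORE = {
    "com.example.flashlight": {
        "android.permission.CAMERA": True,
        "android.permission.READ_CONTACTS": False,
    }
}

def parse_manifest(xml_text):
    """Return (app identification, permissions the app applies for)."""
    root = ET.fromstring(xml_text)
    names = [e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")]
    return root.get("package"), [n for n in names if n]

def load_privilege_list(app_id, requested, store):
    """Build the list shown at install time; unknown permissions start denied."""
    preset = store.get(app_id, {})
    return {perm: preset.get(perm, False) for perm in requested}

def record_modifications(shown, changes):
    """Keep only real changes, and only for permissions the app requested."""
    return {perm: allowed for perm, allowed in changes.items()
            if perm in shown and shown[perm] != allowed}

def configure_after_install(shown, record):
    """Apply the modification record; return the authorized permissions."""
    final = {**shown, **record}
    return sorted(perm for perm, allowed in final.items() if allowed)

if __name__ == "__main__":
    app_id, requested = parse_manifest(SAMPLE_MANIFEST)
    shown = load_privilege_list(app_id, requested, PRIVILEGE_LIST_STORE)
    record = record_modifications(shown, {"android.permission.SEND_SMS": True})
    print(app_id, configure_after_install(shown, record))
```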
CN201410060683.XA 2014-02-21 2014-02-21 Application program installation method and device based on intelligent terminal Pending CN103761471A (en)

Priority Applications (3)

Application Number Priority Date Filing Date Title
CN201410060683.XA CN103761471A (en) 2014-02-21 2014-02-21 Application program installation method and device based on intelligent terminal
US15/120,378 US20170068810A1 (en) 2014-02-21 2014-12-11 Method and apparatus for installing an application program based on an intelligent terminal device
PCT/CN2014/093595 WO2015124017A1 (en) 2014-02-21 2014-12-11 Method and apparatus for application installation based on intelligent terminal device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201410060683.XA CN103761471A (en) 2014-02-21 2014-02-21 Application program installation method and device based on intelligent terminal

Publications (1)

Publication Number Publication Date
CN103761471A true CN103761471A (en) 2014-04-30

Family

ID=50528707

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410060683.XA Pending CN103761471A (en) 2014-02-21 2014-02-21 Application program installation method and device based on intelligent terminal

Country Status (1)

Country Link
CN (1) CN103761471A (en)

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200922A (en) * 2011-04-06 2011-09-28 宇龙计算机通信科技(深圳)有限公司 Application program installation method and terminal
CN102426639A (en) * 2011-09-26 2012-04-25 宇龙计算机通信科技(深圳)有限公司 Information security monitoring method and device
CN102521548A (en) * 2011-11-24 2012-06-27 中兴通讯股份有限公司 Method for managing using rights of function and mobile terminal
CN102810143A (en) * 2012-04-28 2012-12-05 天津大学 Safety detecting system and method based on mobile phone application program of Android platform

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20140430
