CN106557687A - A kind of authority control method and device of application program installation process - Google Patents

A kind of authority control method and device of application program installation process Download PDF

Info

Publication number
CN106557687A
CN106557687A CN201510642299.5A CN201510642299A CN106557687A CN 106557687 A CN106557687 A CN 106557687A CN 201510642299 A CN201510642299 A CN 201510642299A CN 106557687 A CN106557687 A CN 106557687A
Authority
CN
China
Prior art keywords
application program
permissions
authority
user
application
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510642299.5A
Other languages
Chinese (zh)
Inventor
王务志
王军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201510642299.5A priority Critical patent/CN106557687A/en
Publication of CN106557687A publication Critical patent/CN106557687A/en
Pending legal-status Critical Current

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Stored Programmes (AREA)

Abstract

This application discloses the authority control method and device of a kind of application program installation process, when having detected application program and having installed, the erection schedule of the application program is intercepted, all permissions that the application requests are obtained is monitored, and all permissions for being monitored is showed into user;The operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;When detecting that the erection schedule is completed, the control option of all permissions is shown;Obtain operating result of the user to the control option of the System Privileges, and according to the operating result, open target authority allowed to user in the application program is configured, so as to be controlled to the access rights of application program before application program installation, on the one hand the information data safety of user is ensure that, on the other hand ensures the normal operation of application program.

Description

A kind of authority control method and device of application program installation process
Technical field
The application belongs to mobile terminal safety field, specifically, is related to a kind of authority control method of application program installation process.
Background technology
Android is the operating system of a kind of freedom based on Linux and open source code, is mainly used for mobile device, such as smart mobile phone and panel computer, by Google companies and open mobile phone alliance leader and exploitation.Due to the opening of Android, it allows any mobile terminal manufacturer to be added to Android alliances.Significant opening can make which possess more developers, with becoming increasingly abundant for user and application, dragons and fishes jumbled together for substantial amounts of application program, has some application programs unavoidably and is embedded into some illegal acts, so as to the safety for causing user is subject to a certain degree of threat.
Application program generally requires to obtain some authorities of system on backstage when installing, and some authorities are related to the privacy of individual really, also serious critical information safety, the personal information of such as user.Generally system optimization, map, input method, browser, data syn-chronization management etc. is used using needs, it can be in the case of without permission, directly invoke data and your calendar activity of contact person in mobile phone, even the historical record of browser and collection bookmark will not also be let slip, moreover it is possible to send automatically Email.For some need the service of user charges, application program to call, send short message on backstage in the case where user has no to discover.
Some application programs need to obtain the position of user, obtain the position that mobile phone is located by GPS location chip or architecture.But also it is no lack of some spying programs, coordinates network service authority, in real time geographical position can be sent, realize mobile phone tracking.Above-mentioned network service authority allows to apply in running from network downloading data, stealthily consumed flow.
In reality, many application programs can touch many authorities simultaneously, and this is unsafe for cell phone system and user data, then for the authority of application program will be controlled.When control opportunity is selected, on the one hand to ensure safety, on the other hand will ensure that application program runs well.
The authority that some are related to is limited if before program is installed, may result in this program and cannot complete completely to install, such Consumer's Experience will be very poor;And if after the installation is complete, just access rights are limited, that a period of time program when installation backstage access right done it is very multidata steal, cause the dangerous of user data.
Therefore, in order to solve drawbacks described above, this application provides the authority control method and device of a kind of application program installation process.
The content of the invention
In view of this, technical problems to be solved in this application there is provided a kind of authority control method and device of application program installation process.
A kind of authority control method of application program installation process of the application, comprises the steps:
The erection schedule of the application program when having detected application program and installing, is intercepted, all permissions that the application requests are obtained is monitored, and all permissions for being monitored is showed into user;
The operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;
When detecting that the erection schedule is completed, the control option of all permissions is shown;
Operating result of the user to the control option of the System Privileges is obtained, and according to the operating result, open target authority allowed to user in the application program is configured.
The erection schedule of the application program is intercepted, is further included:
The application programming interface of the application program is monitored using interrupt mechanism, so as to interrupt the erection schedule of the application program.
The all permissions that the application requests are obtained are monitored, is further included:
Behavior to the application program is monitored, and by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;The information of all permissions is obtained by parsing APK file.
The information of all permissions is obtained by parsing APK file, is further included:
Decompress the APK file and carry out decompiling, obtain AndroidManifest.xml configuration files;The configuration file is progressively scanned, all permissions of the application requests are extracted.
When detecting that the erection schedule is completed, the control option of all permissions is shown, is further included:
The all permissions information of the application requests to extracting is entered row-column list and is shown to user by the control option of the authority information.
Open target authority allowed to user in the application program is configured, and is further included:
When the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
A kind of permission control device of application program installation process of the application, including such as lower module:
Authority monitoring modular, for when having detected application program and installing, intercepting the erection schedule of the application program, monitors all permissions that the application requests are obtained;
Management module is installed, for the operating process of monitoring users, when user's triggering installation function is detected, then the triggering clearance erection schedule and all permissions is responded;
Display module, for by the authority monitoring module monitors to all permissions show user;For when detecting that the erection schedule is completed, showing the control option of all permissions;
Permission configuration module, for obtaining operating result of the user to the control option of the System Privileges, and according to the operating result, open target authority allowed to user in the application program is configured.
Further, the authority monitoring modular, further includes to monitor module, the monitoring module, for monitoring the application programming interface of the application program using interrupt mechanism, so as to interrupt the erection schedule of the application program.
Further, the monitoring module, is further additionally operable to monitor the behavior of the application program, by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;The information of all permissions is obtained by parsing APK file.
Further, the authority monitoring modular also includes authority parsing module, and the authority parsing module, for decompressing the APK file and carrying out decompiling, obtains AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
Further, the display module is additionally operable to, and all permissions information of the application requests to extracting is entered row-column list and is shown to user by the control option of the authority information.
Further, the permission configuration module, is additionally operable to, when the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
Compared with prior art, the application is by carrying out authority monitoring to application program to be installed, intercept before the mounting and the authority information for obtaining that application program is asked is installed, and the access rights to application program are controlled, on the one hand the information data safety of user is ensure that, on the other hand ensures that program runs well.
Description of the drawings
Accompanying drawing described herein is used for providing further understanding of the present application, constitutes the part of the application, and the schematic description and description of the application is used to explain the application, does not constitute the improper restriction to the application.In the accompanying drawings:
Fig. 1 is the techniqueflow chart of the embodiment of the present application one;
Fig. 2 is a kind of user operation flow chart of the authority control method of application program installation process of the application;
Fig. 3 is the techniqueflow chart that the embodiment of the present application three extracts all permissions that application requests are accessed;
Fig. 4 is a kind of another techniqueflow chart of the authority control method of application program installation process of the application;
Fig. 5 is the apparatus structure schematic diagram of the embodiment of the present application five;
Fig. 6 is the apparatus structure and functional schematic of the embodiment of the present application six.
Specific embodiment
Describe presently filed embodiment below in conjunction with drawings and Examples in detail, thereby to the application how application technology means come solve technical problem and reach technology effect realize that process can fully understand and implement according to this.
In the embodiment of the present invention, the installation of the application program is mainly in each Terminal Type based on android system, including but not limited to Android phone, panel computer, notebook computer, car-mounted terminal etc..
Embodiment one
Fig. 1 is the techniqueflow chart of the embodiment of the present invention one, and with reference to Fig. 1, a kind of authority control method of application program installation process of the embodiment of the present invention mainly includes the steps in the realization of mobile terminal:
Step 101:The erection schedule of the application program when having detected application program and installing, is intercepted, all permissions that the application requests are obtained is monitored, and all permissions for being monitored is showed into user;
Authority is a kind of restriction applied to the access of code in Android device or data, brings different degrees of infringement to user to prevent critical data and code to be abused.One Android application program may need authority just call the function of android system;One Android application is likely to be called by other application, therefore it is also required to state the authority called required for itself.
When party in request of the application program as authority; if an application program needs API (application programming interface) and other services for using system to provide; and limit protection is authorized in these API and service, need needed for defined in AndroidManifest.xml files, to access the authority of API and service;From for another angle, when application program is authorized party, if the inner function of needing to access there is provided other application of application, for safety, the application program unauthorized access for not possessing access consideration is prevented, needs to specify the access rights accessed required for these functions in code.Either party in request or authorized party are required for being configured the authority of application program.
Android provides the built-in authority of kind about more than 130, is all the static member of android.Manifest.permission classes.Android authorities are sometimes referred to as Manifest authorities, they control various system operatios, such as call (CALL_PHONE), photograph (CAMERA), network (INTERNET), input through keyboard (READ_INPUT_STATE), write note (WRITE_SMS) etc..In addition to built-in authority, any one application program can be with self-defined appropriate authority, so that other application programs are accessed.Android authorities mainly have 4 kinds of ranks:Normal, Dangerous, Signature and SignatureOrSystem.
The dangerous seriousness that the authority of Normal ranks is produced is less, is adapted to pay attention to one warning of user;The authority of Dangerous ranks means that user can be potentially encountered some unexpected danger, and Android can prompt the user whether to need these authorities when mounted;The authority particularity of Signature circles is once an application program states that authority, for Signature ranks, is only limitted to other application programs for having same signature with the application program and can access it;The rank highest of SignatureOrSystem authorities, belongs to a kind of special Signature authorities, and third-party application program is to access the application program for holding this authority.The protection level of this authority needs the application program that system has same signature as application program or with system image just access.This authority contributes to integration system compiling, is generally used for third party application integration, is generally unsuitable for developer.
The realization of Android authority mechanisms runs through application layer, ccf layer, system layer.Application layer is by arranging in Android-Manifest.xml<uses-permission>Specified corresponding authority, re-maps user and the group authority of bottom;Ccf layer is by arranging in platform.xml<permission>Its corresponding authority, platform.xml files is specified to be located at frameworks/base/data/etc/;The authority definition of system layer is in system/core/include/private/android_filesystem_config.h files.
In the embodiment of the present application, application program as authority party in request when, ask some authorities to mounted Android platform.By taking android system mobile phone set up applications as an example, hypothesis installs a social software in Android phone, this social software can be matched or be bound with the address list of user, check in telex network record and bound the user of the social software, mutual communication or mutual plusing good friend therewith under network state;The social software can be linked with being invited to the good friend in address list by short message sending;The social software can be to be mutually positioned the geographical position of other side with good friend, can also be by camera and good friend's share photos etc..Such social software is not strange for Android user, function description more than, so a conventional social software be arranged in Android platform need to obtain network state information authority, WI-FI network status information authority, the authority for reading user contact, send the authority of note, the authority using camera, using GPS location authority etc..
Generally, the species of the more than the example above of authority that a application program need to be installed, and user does not generally know that application program needs to conduct interviews which authority when installing, certain also not all of authority is all under the silent approvement of user, or even some Malwares try to some information for being related to privacy of user and are used for back door.Therefore, when application program is installed, monitor all permissions that the application requests are obtained, the erection schedule of the application program is intercepted simultaneously, and all permissions for being monitored are showed into user, doing so avoids before application program is installed to being controlled so as to cause application program install using the authority of routine access, after on the other hand it also avoid application program installation, carry out the stealing of data using authority on backstage.
Step 102:The operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;
In the embodiment of the present invention, after backstage monitors the authority that application requests are obtained, permissions list can be generated prompting is made by display interface to user.It can be a drop-down menu to point out described in the embodiment of the present invention, and user clicks on the drop-down menu and can check all permissions for needing to obtain in the application program installation process.Certainly it can also be a pop-up to point out described in the embodiment of the present invention, or the push of an informing etc., the present invention is not limited to this.
After the permissions list is shown to user, user can know all permissions information that the application requests are accessed, and user selects to install or abandon to install according to wish.The operation of user is monitored on backstage, and after user's triggering installation function is detected, backstage responds the triggering, the clearance intercepted erection schedule and all of authority.The all permissions of now letting pass can ensure that the correct installation of the application program.
Step 104:When detecting that the erection schedule is completed, the control option of all permissions is shown;
In the embodiment of the present invention, the installation progress of real-time monitoring application program is simultaneously shown by controlling interface, display mode can be traditional straight-line progress bar display mode, it can be circular or gear type rotation progress display mode, can also be the loading patterns for being furnished with animation, or can also be the combining form of above-mentioned any-mode.In installation process provide entertaining progress display mode, can alleviate user etc. it is to be installed when boring and anxiety, simultaneously effective allow user clearly to know current installment state, and the time to installation have one to be intuitively expected.Certainly, progress prompt method of the invention includes but is not limited to this.
When backstage monitors that installation progress reaches 100%, controlling interface prompting user installation is completed and shows control of authority option.Wherein, the control of authority option can be a list, show all permissions that application program mount request is accessed in list, each authority all corresponds to a closing and the options for user of a unlatching is selected, user can select to close or opening section target authority according to wish.In the embodiment of the present invention, all permissions are all that acquiescence is opened, and certain present invention includes but is not limited to this.
Step 105:Operating result of the user to the control option of the System Privileges is obtained, and according to the operating result, open target authority allowed to user in the application program is configured.
In the embodiment of the present invention, operation of the real-time monitoring user to the control of authority option, records the target authority that User support is opened or disabled, at the same time, prompting is carried out by controlling interface to user and preserves priority assignation, and allow the open target authority to carry out authority configuration according to user.After the completion for the treatment of authority configuration, user can pass through the Interface Options that exit of controlling interface and terminate this time to install or directly open by opening the option of application program the application program of installation, it should be noted that, when the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
Embodiment two
Fig. 2 is the user operation flow chart of the authority control method of two application program installation process of the embodiment of the present invention, and with reference to Fig. 2, the application program installation steps under embodiment of the present invention Android platform are as follows:
Step 201:Start and install, into installation interface;
Application program installation kit APK is the abbreviation of AndroidPackage, i.e. Android installation kits.Install by by APK file to be passed directly to perform in Android device.
Generally user in Android device set up applications by following several ways:
First, can from resource downloading area download application program installation kit, be stored in the SD card of equipment, be also not necessarily limited to certainly be equipment internal storage space in;Then this installation kit is found by file manager, activation by being triggered to which is installed, and the installation of application program thus can be directly carried out in Android device.
Second, computer can be connected with USB data line, software is installed by mobile device assistant PC ends etc. on computers Android device is installed.
Third, being the most frequently used mounting means of user, i.e., directly installed by the assistant and application market of various kinds in equipment, this mounting means simple and fast the most.
The embodiment of the present invention is applied to above-mentioned all of mounting means, is also not limited to certainly above-mentioned several.Either any mounting means, backstage once detect the installation of application program, authority will be monitored and subsequent step operation.
Step 202:When installation interface is replaced by controlling interface, all permissions of the application requests access are checked according to controlling interface prompting and chooses whether to continue to install;
In the embodiment of the present invention, replacement of the controlling interface to installation interface can be pop-up mulching method, can be blade-rotating alternative forms, it is also possible to which tray form represents, and the present invention is not limited to this.
The prompting of controlling interface in the embodiment of the present invention can be a drop-down menu, and user clicks on the drop-down menu and can check all permissions for needing to obtain in the application program installation process.Certainly it can also be a pop-up to point out described in the embodiment of the present invention, or the push of an informing etc., the present invention is not limited to this.
After the permissions list is shown to user, user can know all permissions information that the application requests are accessed, and user can select to install or abandon to install according to wish after clear and definite installation risk.
Step 203:After installation, check that application program needs the authority menu for accessing, the authority menu is operated, select to open or disable partial target control option.
In installation process, user can check installation progress by controlling interface, when progress to be installed reaches 100%, check the authority menu that controlling interface shows, select to open the authority of support according to wish or closing wants to the authority of disabling.
Step 204:Preserve priority assignation and can select to open the application program or exit interface.
In the embodiment of the present invention, if user determines being turned on and off and being preserved to authority, then backstage can record automatically user to the selection of authority and carry out authority configuration for the application program.Now user can select to exit current interface and terminate to install, it is also possible to directly activate the startup application program by the unlatching application program option of current interface.When now application program is run, the authority closed is selected to disable user according to the setting of user, user just can be safe to use.
In the installation procedure of the embodiment of the present application, on the one hand ensure that being normally carried out for installation process, on the other hand show user very clear the authority asked by application program independently to select to support or disable some authorities by user, while user information safety is ensured, the experience of user is greatly improved.
Embodiment three
Fig. 3 is the techniqueflow chart of the embodiment of the present invention three, and with reference to Fig. 3, the embodiment of the present invention monitors all permissions that the application requests are obtained, while the erection schedule for intercepting the application program further includes following steps:
Step 301:Behavior to the application program is monitored, and by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;
Android point is four layers, it is application layer, application framework layer, system operation storehouse layer and linux core layers respectively from high level to low layer, in the embodiment of the present invention, it is API by the application programming interface in invocation framenort layer, behavior is installed to the application program in ccf layer and is monitored.
API (Application Programming Interface, application programming interface) it is a calling interface that operating system leaves application program for, application program makes operating system go to perform the order (action) of application program by the API of call operation system.
Step 302:Decompress the APK file and carry out decompiling, obtain AndroidManifest.xml configuration files;
It is typically with APK as suffix based on the installation file of the application program of Android, APK file is zip forms in fact, but suffix name is modified to apk, after UnZip is decompressed, it can be seen that bytecode Dex files (classes.dex), resource file (res), configuration file (AndroidManifest.xml) and signing messages file (META-INF).Wherein, Dex is the abbreviation of DalvikVM executes, i.e. Android Dalvik configuration processors.Using analytical tool (including but not limited to:Decompiling instrument dexdump.exe that the Android SDK that apktool, apkmanager, dex 2java, XJad and Google are issued are provided etc.) decompiling is carried out to Dex files, it is translated into the oss message that readable Java files can obtain the application program.
AndroidManifest.xml is the file that each APK application program must be included, and it describes the name of application program, version, authority, quotes the information such as library.Therefore, to read the authority information that the application requests are accessed, AndroidManifest.xml configuration files must just be obtained.
Step 303:The configuration file is progressively scanned, all permissions of the application requests are extracted.
In the inventory of AndroidManifest.xml configuration files, comprising many elements, including authority element.
If application program needs to access a function by protection of usage right, then it must be used in inventory file<uses-permission>Unit usually states its authority for requiring.Every kind of authority can all have a unique label to identify.Generally, label specifies operation to be constrained.For example:
android.permission.WRITE_SMS<Permission program writes note>
android.permission.READ_SMS<Permission program short message reading ceases>
android.permission.READ_OWNER_DATA<Permission program reads owner's data>
android.permission.SEND_SMS<Permission program sends SMS messaging>
android.permission.WRITE_CALENDAR<A program is allowed to write user's calendar data>
android.permission.WRITE_CONTACTS<Permission program writes contact data>
Therefore, by all permissions information that can obtain application program institute acquisition request is progressively scanned to the configuration file AndroidManifest.xml.
Example IV
Fig. 4 is the techniqueflow chart of the embodiment of the present invention four, and with reference to Fig. 4, a kind of authority control method of application program installation process of the embodiment of the present invention mainly comprises the steps:
Step 401:When having detected application program and installing, for being monitored to the application programming interface of the application program using interrupt mechanism, so as to interrupt the erection schedule of the application program.
In the embodiment of the present invention, the interface (API) for realizing set up applications in can adopting hook (hook or hook) mechanism realization to framework layers is monitored.Hook mechanism is a kind of a kind of technology of the message of certain application program or all processes in intercepting and capturing windows systems, the message of hook mechanism permission application program intercepting and capturing process operating system or particular event.The program segment of actually one process message of hook, is called by system, it is linked into system.Whenever specific message sends, before purpose window is not reached, hook program just first captures the message, that is, Hook Function first obtains control.At this moment Hook Function both can be with working process (change) message, it is also possible to does not deal with and continues to transmit the message, can also force the transmission of end.In embodiments of the present invention, interrupting the process of set up applications using hook mechanism, realizing relevant information being obtained before application program is installed, certain present invention includes but is not limited to a kind of this Interrupted interception method.
Realize that a hook typically there are three steps, create hook first, have special API;After creating success, message will pass to the process function specified.Then the message for receiving is analyzed in message processing function, corresponding process is done.Finally, after hook is finished, is disappeared with corresponding API and ruin hook.Hook process has many types, and every kind of hook can be intercepted and process the message of corresponding species, needs for idHook (hook procedural type) to be set to corresponding value in the embodiment of the present invention.
Step 402:Behavior to the application program is monitored, and by the application programming interface (API) in invocation framenort layer, obtains the APK file comprising authority information;
API (Application Programming Interface, application programming interface) it is a calling interface that operating system leaves application program for, application program makes operating system go to perform the order (action) of application program by the API of call operation system.
Step 403:Decompress the APK file and carry out decompiling, obtain AndroidManifest.xml configuration files;
AndroidManifest.xml is the file that each APK application program must be included, and it describes the name of application program, version, authority, quotes the information such as library.Therefore, to read the authority information that the application requests are accessed, AndroidManifest.xml configuration files must just be obtained.
Step 404:The configuration file is progressively scanned, all permissions of the application requests are extracted;
In the inventory of AndroidManifest.xml configuration files, comprising many elements, including authority element.
If application program needs to access a function by protection of usage right, then it must be used in inventory file<uses-permission>Unit usually states its authority for requiring.Every kind of authority can all have a unique label to identify.Generally, label specifies operation to be constrained.For example:
android.permission.WRITE_SMS<Permission program writes note>
android.permission.READ_SMS<Permission program short message reading ceases>
android.permission.READ_OWNER_DATA<Permission program reads owner's data>
android.permission.SEND_SMS<Permission program sends SMS messaging>
android.permission.WRITE_CALENDAR<A program is allowed to write user's calendar data>
android.permission.WRITE_CONTACTS<Permission program writes contact data>
Therefore, by all permissions information that can obtain application program institute acquisition request is progressively scanned to the configuration file AndroidManifest.xml.
Step 405:The all permissions extracted are showed into user.
In the embodiment of the present invention, replacement of the controlling interface to installation interface can be pop-up mulching method, can be blade-rotating alternative forms, it is also possible to which tray form represents, and the present invention is not limited to this.
The prompting of controlling interface in the embodiment of the present invention can be a drop-down menu, and user clicks on the drop-down menu and can check all permissions for needing to obtain in the application program installation process.Certainly it can also be a pop-up to point out described in the embodiment of the present invention, or the push of an informing etc., the present invention is not limited to this.
After the permissions list is shown to user, user can know all permissions information that the application requests are accessed, and user can select to install or abandon to install according to wish after clear and definite installation risk.
Step 406:The operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;
In step 401, the application programming interface of the application program is monitored using interrupt mechanism, is realized to the interception using program installation process, so as to further operation obtains all permissions that application program mount request is accessed after interception.After all permissions are informed user, user chooses whether to install after obtaining the risk information installed, if user selects to install, responds the selection of user, and end interrupt continues to install and let pass all permissions to ensure the smooth of installation process.
Step 407:Detect whether the erection schedule completes;
In the embodiment of the present invention, after application program installation, whether operating system successfully returns correlative code (code) to the bag being currently installed on, and passes through reflex mechanism, obtain the relevant information that the code is represented after obtaining code.Such as install successfully, install failure, signature be different, insufficient space etc..Certainly, the method that whether present invention detection erection schedule completes is not limited in said method.
Step 408:Show the control option of all permissions;
In the embodiment of the present invention, the installation progress of real-time monitoring application program is simultaneously shown by controlling interface, display mode can be traditional straight-line progress bar display mode, it can be circular or gear type rotation progress display mode, can also be the loading patterns for being furnished with animation, or can also be the combining form of above-mentioned any-mode.In installation process provide entertaining progress display mode, can alleviate user etc. it is to be installed when boring and anxiety, simultaneously effective allow user clearly to know current installment state, and the time to installation have one to be intuitively expected.Certainly, progress prompt method of the invention includes but is not limited to this.
When backstage monitors that installation progress reaches 100%, controlling interface prompting user installation is completed and shows control of authority option.Wherein, the control of authority option can be a list, show all permissions that application program mount request is accessed in list, each authority all corresponds to a closing and the options for user of a unlatching is selected, user can select to close or opening section target authority according to wish.In the embodiment of the present invention, all permissions are all that acquiescence is opened, and certain present invention includes but is not limited to this.
Step 409:Operating result of the user to the control option of the System Privileges is obtained, and according to the operating result, open target authority allowed to user in the application program is configured.
In the embodiment of the present invention, operation of the real-time monitoring user to the control of authority option, records the target authority that User support is opened or disabled, at the same time, prompting is carried out by controlling interface to user and preserves priority assignation, and allow the open target authority to carry out authority configuration according to user.After the completion for the treatment of authority configuration, user can pass through the Interface Options that exit of controlling interface and terminate this time to install or directly open by opening the option of application program the application program of installation, it should be noted that, when the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
Embodiment five
Fig. 5 is the apparatus structure schematic diagram of the embodiment of the present invention five, as shown in figure 5, a kind of permission control device of application program installation process of the embodiment of the present invention five is mainly included with lower module:Authority monitoring modular 501, installation blocking module 502, installation management module 503, display module 504, permission configuration module 505.
The authority monitoring modular 501, for when having detected application program and installing, intercepting the erection schedule of the application program, monitors all permissions that the application requests are obtained;
The installation management module 503, for the operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;
The display module 504, for all permissions that the authority monitoring modular 501 is monitored are showed user;For when detecting that the erection schedule is completed, showing the control option of all permissions;
The permission configuration module 505, for obtaining operating result of the user to the control option of the System Privileges, and according to the operating result, open target authority allowed to user in the application program is configured.
Further, the authority monitoring modular 501, further includes to monitor module 501a, monitoring module 501a, for monitoring the application programming interface of the application program using interrupt mechanism, so as to interrupt the erection schedule of the application program.
Further, monitoring module 501a, is further additionally operable to monitor the behavior of the application program, by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;The information of all permissions is obtained by parsing APK file.
Further, the authority monitoring modular 501 also includes authority parsing module 501b, the authority parsing module 501b, for decompressing the APK file and carrying out decompiling, obtains AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
Further, the display module 504 is additionally operable to, and all permissions information of the application requests to extracting is entered row-column list and is shown to user by the control option of the authority information.
Further, the permission configuration module 505, is additionally operable to, when the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
Embodiment six
Fig. 6 is a kind of apparatus structure schematic diagram of the another embodiment of the permission control device of application program installation process of the invention, and with reference to Fig. 6, a kind of operation process of the permission control device of application program installation process of the invention is as follows:
First, the erection schedule of the application program when authority monitoring modular 501 has detected application program and installs, is intercepted, all permissions that the application requests are obtained are monitored;
Monitor all permissions that the application requests obtain mainly by authority monitoring modular in monitoring module 501a complete.It is described monitoring module 501a for being monitored to the application programming interface of the application program using interrupt mechanism, so as to interrupt the erection schedule of the application program.
Wherein, monitoring module 501a is also monitored to the behavior of application program, by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;The information of all permissions is obtained by parsing APK file.
The authority monitoring modular also includes authority parsing module 501b, and the function of the authority parsing module is:
Decompress the APK file and carry out decompiling, obtain AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
After all permissions for obtaining the application requests, need to call the display module 504, the display module 504 now to enter row-column list and be shown to user all permissions information of the application requests to extracting.
After all permissions information is showed user, the operating process for installing 502 monitoring users of management module when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;
Display module 504 shows installation progress, when detecting that the erection schedule is completed, calls all permissions information of the application requests that display module 504 pairs extracts to enter row-column list and be shown to user by the control option of the authority information again.
After treating that user is operated to the control of authority option, the permission configuration module 505 obtains operating result of the user to the control option of the System Privileges, and according to the operating result, open target authority allowed to user in the application program is configured.
When the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;
When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
A1, a kind of authority control method of application program installation process, it is characterised in that
The erection schedule of the application program when having detected application program and installing, is intercepted, all permissions that the application requests are obtained is monitored, and all permissions for being monitored is showed into user;
The operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering clearance erection schedule and all permissions;
When detecting that the erection schedule is completed, the control option of all permissions is shown;
Operating result of the user to the control option of the System Privileges is obtained, and according to the operating result, open target authority allowed to user in the application program is configured.
A2, the method as described in a1, it is characterised in that intercept the erection schedule of the application program, further include,
The application programming interface of the application program is monitored using interrupt mechanism, so as to interrupt the erection schedule of the application program.
A3, the method as described in a1, it is characterised in that all permissions that the monitoring application requests are obtained, further include:
Behavior to the application program is monitored, and by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;
The information of all permissions is obtained by parsing APK file.
The method that a4, such as a3 are stated, it is characterised in that the information of all permissions is obtained by parsing APK file, is further included:
Decompress the APK file and carry out decompiling, obtain AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
A5, the method as described in a1, it is characterised in that when detecting that the erection schedule is completed, show the control option of all permissions, further include:
The all permissions information of the application requests to extracting is entered row-column list and is shown to user by the control option of the authority information.
Methods of the a6 as described in a1, it is characterised in that open target authority allowed to user in the application program is configured, and is further included,
When the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;
When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
B7, a kind of permission control device of application program installation process, it is characterised in that include such as lower module:
Authority monitoring modular, for when having detected application program and installing, intercepting the erection schedule of the application program, monitors all permissions that the application requests are obtained;
Management module is installed, for the operating process of monitoring users, when user's triggering installation function is detected, then the triggering clearance erection schedule and all permissions is responded;
Display module, for by the authority monitoring module monitors to all permissions show user;For when detecting that the erection schedule is completed, showing the control option of all permissions;
Permission configuration module, for obtaining operating result of the user to the control option of the System Privileges, and according to the operating result, open target authority allowed to user in the application program is configured.
B8, the device as described in b7, it is characterised in that the authority monitoring modular, further include to monitor module,
The monitoring module, for being monitored to the application programming interface of the application program using interrupt mechanism, so as to interrupt the erection schedule of the application program.
B9, the device as described in b7, it is characterised in that the monitoring module, are further additionally operable to:
Behavior to the application program is monitored, and by the application programming interface in invocation framenort layer, obtains the APK file comprising authority information;
The information of all permissions is obtained by parsing APK file.
The device that b10, such as b9 are stated, it is characterised in that the authority monitoring modular, further includes authority parsing module:
The authority parsing module, for decompressing the APK file and carrying out decompiling, obtains AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
B11, the device as described in b7, it is characterised in that the display module, are further used for:
The all permissions information of the application requests to extracting is entered row-column list and is shown to user by the control option of the authority information.
B12, the device as described in b7, it is characterised in that the permission configuration module, are further used for,
When the target authority in all permissions is opened by the selection of the control option receive user, if the operation application program, intercepts other authorities beyond the application requests target authority;
When the target authority in the selection closing all permissions by controlling option receive user, when running the application program, the target authority in all permissions of the application requests is intercepted.
Described above illustrates and describes some preferred embodiments of the present invention, but as previously mentioned, it should be understood that the present invention is not limited to form disclosed herein, it is not to be taken as the exclusion to other embodiment, and can be used for various other combinations, modification and environment, and can be modified by the technology or knowledge of above-mentioned teaching or association area in invention contemplated scope described herein.And change that those skilled in the art are carried out and change be without departing from the spirit and scope of the present invention, then all should be in the protection domain of claims of the present invention.

Claims (10)

1. a kind of authority control method of application program installation process, it is characterised in that
When having detected application program and installing, the erection schedule of the application program is intercepted, and monitoring is described The all permissions that application requests are obtained, and all permissions for being monitored are showed into user;
The operating process of monitoring users, when user's triggering installation function is detected, then responds the triggering and puts The row erection schedule and all permissions;
When detecting that the erection schedule is completed, the control option of all permissions is shown;
Operating result of the user to the control option of the System Privileges is obtained, and according to the operation knot Really, open target authority allowed to user in the application program is configured.
2. the method for claim 1, it is characterised in that intercept the installation of the application program Process, further includes,
The application programming interface of the application program is monitored using interrupt mechanism, so as to interrupt The erection schedule of the application program;
Behavior to the application program is monitored, by invocation framenort layer in the application program compile Journey interface, obtains the APK file comprising authority information;
The information of all permissions is obtained by parsing APK file.
3. the method that such as claim 2 is stated, it is characterised in that obtain described by parsing APK file The information of all permissions, further includes:
Decompress the APK file and carry out decompiling, obtain AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
4. the method for claim 1, it is characterised in that detecting that the erection schedule completes When, the control option of all permissions is shown, is further included:
The all permissions information of the application requests to extracting enters row-column list and by the power The control option of limit information is shown to user.
5. the method for claim 1, it is characterised in that to user institute in the application program Allow open target authority to be configured, further include,
Target authority in the selection unlatching all permissions by the control option receive user When, if the operation application program, intercept other power beyond the application requests target authority Limit;
When the target authority in the selection closing all permissions by controlling option receive user, fortune During the row application program, the target authority in all permissions of the application requests is intercepted.
6. a kind of permission control device of application program installation process, it is characterised in that including following mould Block:
Authority monitoring modular, for when having detected application program and installing, intercepting the application program Erection schedule, monitors all permissions that the application requests are obtained;
Management module is installed, and for the operating process of monitoring users, installation function is triggered when user is detected, The triggering clearance erection schedule and all permissions are responded then;
Display module, for by the authority monitoring module monitors to all permissions show use Family;For when detecting that the erection schedule is completed, showing the control option of all permissions;
Permission configuration module, for obtaining operating result of the user to the control option of the System Privileges, And according to the operating result, open target authority allowed to user in the application program is matched somebody with somebody Put.
7. device as claimed in claim 6, it is characterised in that the authority monitoring modular, enters one Step includes monitoring module,
The monitoring module, for the application programming interface using interrupt mechanism to the application program Monitored, so as to interrupt the erection schedule of the application program;
Behavior to the application program is monitored, and is connect by the application programming in invocation framenort layer Mouthful, obtain the APK file comprising authority information;
The information of all permissions is obtained by parsing APK file.
8. the method that such as claim 7 is stated, it is characterised in that the authority monitoring modular, further Including authority parsing module:
The authority parsing module, for decompressing the APK file and carrying out decompiling, obtains AndroidManifest.xml configuration files;
The configuration file is progressively scanned, all permissions of the application requests are extracted.
9. method as claimed in claim 6, it is characterised in that the display module, further uses In:
The all permissions information of the application requests to extracting enters row-column list and by the power The control option of limit information is shown to user.
10. method as claimed in claim 6, it is characterised in that the permission configuration module, enters one Walking is used for,
Target authority in the selection unlatching all permissions by the control option receive user When, if the operation application program, intercept other power beyond the application requests target authority Limit;
When the target authority in the selection closing all permissions by controlling option receive user, fortune During the row application program, the target authority in all permissions of the application requests is intercepted.
CN201510642299.5A 2015-09-30 2015-09-30 A kind of authority control method and device of application program installation process Pending CN106557687A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510642299.5A CN106557687A (en) 2015-09-30 2015-09-30 A kind of authority control method and device of application program installation process

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510642299.5A CN106557687A (en) 2015-09-30 2015-09-30 A kind of authority control method and device of application program installation process

Publications (1)

Publication Number Publication Date
CN106557687A true CN106557687A (en) 2017-04-05

Family

ID=58418202

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510642299.5A Pending CN106557687A (en) 2015-09-30 2015-09-30 A kind of authority control method and device of application program installation process

Country Status (1)

Country Link
CN (1) CN106557687A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107506637A (en) * 2017-08-17 2017-12-22 珠海市魅族科技有限公司 Information displaying method and device, terminal and readable storage medium storing program for executing
CN109522741A (en) * 2018-10-24 2019-03-26 维沃移动通信有限公司 A kind of application program permission reminding method and its terminal device
CN110781483A (en) * 2019-11-05 2020-02-11 深圳市欧瑞博科技有限公司 Control method, platform and storage medium for intelligent household control program transmission permission
CN110851863A (en) * 2019-11-07 2020-02-28 北京无限光场科技有限公司 Application program authority control method and device and electronic equipment
CN111259374A (en) * 2020-01-08 2020-06-09 苏宁云计算有限公司 Authority abnormity detection method and device, computer equipment and storage medium
CN112052030A (en) * 2020-08-24 2020-12-08 东风汽车有限公司 Interface authority configuration method, storage medium and system of vehicle-mounted application program

Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200922A (en) * 2011-04-06 2011-09-28 宇龙计算机通信科技(深圳)有限公司 Application program installation method and terminal
CN102289633A (en) * 2011-09-02 2011-12-21 广东欧珀移动通信有限公司 Method for managing dynamic permission of application program under Android platform
CN102426639A (en) * 2011-09-26 2012-04-25 宇龙计算机通信科技(深圳)有限公司 Information security monitoring method and device
CN103136472A (en) * 2011-11-29 2013-06-05 腾讯科技(深圳)有限公司 Method and mobile device of stopping application program to steal privacy
CN103268451A (en) * 2013-06-08 2013-08-28 上海斐讯数据通信技术有限公司 Dynamic permission management system based on mobile terminal
CN103617380A (en) * 2013-11-28 2014-03-05 北京邮电大学 Application program authority dynamic control method and system
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103839000A (en) * 2014-02-21 2014-06-04 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal equipment
CN103870306A (en) * 2014-02-21 2014-06-18 北京奇虎科技有限公司 Method and device for installing application program on basis of intelligent terminal equipment
CN103914312A (en) * 2012-12-31 2014-07-09 联想(北京)有限公司 Application processing method, application processing device and electronic device
CN104199703A (en) * 2014-09-05 2014-12-10 北京奇虎科技有限公司 Unattended setup management method and device
CN104462970A (en) * 2014-12-17 2015-03-25 中国科学院软件研究所 Android application program permission abuse detecting method based on process communication

Patent Citations (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102200922A (en) * 2011-04-06 2011-09-28 宇龙计算机通信科技(深圳)有限公司 Application program installation method and terminal
CN102289633A (en) * 2011-09-02 2011-12-21 广东欧珀移动通信有限公司 Method for managing dynamic permission of application program under Android platform
CN102426639A (en) * 2011-09-26 2012-04-25 宇龙计算机通信科技(深圳)有限公司 Information security monitoring method and device
CN103136472A (en) * 2011-11-29 2013-06-05 腾讯科技(深圳)有限公司 Method and mobile device of stopping application program to steal privacy
CN103914312A (en) * 2012-12-31 2014-07-09 联想(北京)有限公司 Application processing method, application processing device and electronic device
CN103268451A (en) * 2013-06-08 2013-08-28 上海斐讯数据通信技术有限公司 Dynamic permission management system based on mobile terminal
CN103617380A (en) * 2013-11-28 2014-03-05 北京邮电大学 Application program authority dynamic control method and system
CN103761471A (en) * 2014-02-21 2014-04-30 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal
CN103839000A (en) * 2014-02-21 2014-06-04 北京奇虎科技有限公司 Application program installation method and device based on intelligent terminal equipment
CN103870306A (en) * 2014-02-21 2014-06-18 北京奇虎科技有限公司 Method and device for installing application program on basis of intelligent terminal equipment
CN104199703A (en) * 2014-09-05 2014-12-10 北京奇虎科技有限公司 Unattended setup management method and device
CN104462970A (en) * 2014-12-17 2015-03-25 中国科学院软件研究所 Android application program permission abuse detecting method based on process communication

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN107506637A (en) * 2017-08-17 2017-12-22 珠海市魅族科技有限公司 Information displaying method and device, terminal and readable storage medium storing program for executing
CN107506637B (en) * 2017-08-17 2020-11-20 珠海市魅族科技有限公司 Information display method and device, terminal and readable storage medium
CN109522741A (en) * 2018-10-24 2019-03-26 维沃移动通信有限公司 A kind of application program permission reminding method and its terminal device
CN109522741B (en) * 2018-10-24 2020-06-16 维沃移动通信有限公司 Application program permission prompting method and terminal equipment thereof
CN110781483A (en) * 2019-11-05 2020-02-11 深圳市欧瑞博科技有限公司 Control method, platform and storage medium for intelligent household control program transmission permission
CN110851863A (en) * 2019-11-07 2020-02-28 北京无限光场科技有限公司 Application program authority control method and device and electronic equipment
CN110851863B (en) * 2019-11-07 2022-06-03 北京无限光场科技有限公司 Application program authority control method and device and electronic equipment
CN111259374A (en) * 2020-01-08 2020-06-09 苏宁云计算有限公司 Authority abnormity detection method and device, computer equipment and storage medium
WO2021139139A1 (en) * 2020-01-08 2021-07-15 苏宁云计算有限公司 Permission abnormality detection method and apparatus, computer device, and storage medium
CN111259374B (en) * 2020-01-08 2021-10-12 南京苏宁加电子商务有限公司 Authority abnormity detection method and device, computer equipment and storage medium
CN112052030A (en) * 2020-08-24 2020-12-08 东风汽车有限公司 Interface authority configuration method, storage medium and system of vehicle-mounted application program
CN112052030B (en) * 2020-08-24 2024-06-21 东风汽车有限公司 Interface authority configuration method, storage medium and system for vehicle-mounted application program

Similar Documents

Publication Publication Date Title
CN106557669A (en) A kind of authority control method and device of application program installation process
US9165139B2 (en) System and method for creating secure applications
JP5891414B2 (en) Information processing apparatus and method for preventing unauthorized application cooperation
Stevens et al. Asking for (and about) permissions used by android apps
US8893222B2 (en) Security system and method for the android operating system
US8769305B2 (en) Secure execution of unsecured apps on a device
CN106557687A (en) A kind of authority control method and device of application program installation process
US20150332043A1 (en) Application analysis system for electronic devices
JP2007316637A (en) Screensaver for individual application program
Zdziarski Hacking and securing iOS applications
CN103403669A (en) Securing and managing APPs on a device
WO2013184799A1 (en) Evaluating whether to block or allow installation of a software application
Burns Developing secure mobile applications for android
CN107077565A (en) The collocation method and equipment of a kind of safe configured information
US20180046798A1 (en) Mining Sandboxes
CN113360856A (en) Policy setting system and method based on authority control
Kern et al. Permission tracking in Android
CN111709054B (en) Privacy space information access control method and device and computer equipment
CN111222122A (en) Application authority management method and device and embedded equipment
KR20090003050A (en) Apparatus and method for managing execution of activex control
Nazar et al. Rooting Android–Extending the ADB by an auto-connecting WiFi-accessible service
Jeong et al. SafeGuard: a behavior based real-time malware detection scheme for mobile multimedia applications in android platform
Chuang et al. Digital right management and software protection on Android phones
CN110580179A (en) information processing method and device, electronic device and storage medium
Rubio-Medrano et al. DyPolDroid: Protecting Users and Organizations from Permission-Abuse Attacks in Android

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170405

RJ01 Rejection of invention patent application after publication