CN104484259A - Application program traffic monitoring method and device, and mobile terminal - Google Patents

Abstract

The invention discloses an application program traffic monitoring method. The method comprises the steps that according to the identification of a detected application program, all the links initiated by the detected application program are determined; the effective links in all the links are recognized, statistics is carried out on the traffic used by the effective links, and the quantity of traffic obtained through statistics is used as the quantity of the traffic of the detected application program. According to the technical scheme, by determining all the links initiated by the detected application program, statistics can be carried out on the traffic used by the detected application program for initiating all the links, the quantity of traffic obtained through statistics is used as the quantity of the traffic of the detected application program, and therefore the traffic of application programs can be accurately, effectively and comprehensively monitored.

Description

Application flow monitoring method, device and mobile terminal

technical field

The present invention relates to Internet technology, in particular to a flow monitoring method, device and mobile terminal of an application program.

Background technique

Nowadays, most of the mobile terminals have the function of surfing the Internet, especially with the popularity of smart phones, people have been brought into the Internet era, and mobile terminals are generally installed with a large number of applications, and access to the network through applications to obtain information, At the same time, the data traffic of the mobile terminal will be consumed.

In practical applications, some criminals develop malicious applications. Even if the user does not use the application, the application will still run in the background, which greatly increases the traffic consumption of the mobile terminal, which not only quickly consumes the power of the user's mobile device, It is also possible to add a large amount of additional traffic charges to users.

In the prior art, the general traffic monitoring software can only monitor the total data traffic consumed by the mobile terminal, but cannot separately count the traffic of each application program, so there is a problem of low accuracy of traffic monitoring.

Contents of the invention

To this end, the embodiments of the present invention provide a method, device and mobile terminal for monitoring the flow of application programs, so as to accurately monitor the flow of application programs.

The embodiment of the present invention adopts following technical scheme:

In the first aspect, a flow monitoring method of an application program is provided, including:

determining all links initiated by the detected application according to the identifier of the detected application;

The traffic used by all the links initiated by the detected application is counted, and the counted traffic is used as the traffic of the detected application.

With reference to the first aspect, in a first possible implementation manner, the identifying valid links in all the links includes:

Analyzing the URIs corresponding to all the links, and obtaining the host domain names corresponding to all the links;

Judging whether the host domain names corresponding to all the links exist in the preset host blacklist, and determining that the links corresponding to the host domain names existing in the preset host blacklist are invalid links and do not exist in the preset host blacklist The links corresponding to the host domain names in the list are valid links.

With reference to the first possible implementation manner, in a second possible implementation manner, the application traffic monitoring method further includes: determining the consumed traffic corresponding to the invalid link, and using the consumed traffic as the corresponding saved traffic.

With reference to the first aspect, in a third possible implementation manner, after using the counted traffic as the traffic of the detected application program, it includes:

The traffic of the detected application is displayed through the user interface of the mobile terminal installed with the detected application.

With reference to the first aspect, in a fourth possible implementation manner, after using the counted traffic as the traffic of the detected application program, it includes:

comparing the traffic of the detected application with a preset traffic threshold of the detected application, if the traffic of the detected application is greater than or equal to the traffic threshold of the detected application , performing a traffic warning prompt through the user interface of the mobile terminal.

With reference to the fourth possible implementation manner, in the fifth possible implementation manner, after performing the traffic warning prompt through the user interface of the mobile terminal, it includes:

receiving user operation information sent by the mobile terminal, where the user operation information is information on operations performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting the operation of the application program information, or include operational information for adding the detected application to a traffic blacklist;

Perform relevant operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the traffic blacklist .

In the second aspect, an application traffic monitoring device is provided, including:

A determining unit, configured to determine all links initiated by the detected application program according to the identifier of the detected application program;

The statistical unit is configured to count the traffic used by all the links initiated by the detected application, and use the counted traffic as the traffic of the detected application.

With reference to the second aspect, in a first possible implementation manner, the statistical unit includes:

The parsing subunit is configured to parse the URIs corresponding to all the links, and obtain the host domain names corresponding to all the links;

The judging subunit is used to judge whether the host domain names corresponding to all the links exist in the preset host blacklist, and determine that the links corresponding to the host domain names in the preset host blacklist are invalid links and do not exist in the default host blacklist. Links corresponding to host domain names in the preset host blacklist are valid links.

With reference to the first possible implementation manner, in a second possible implementation manner, the apparatus further includes a saving unit configured to determine the consumption flow corresponding to the invalid link, and use the consumption flow as the corresponding saving flow.

With reference to the second aspect, in a third possible implementation manner, the device further includes:

The display unit is configured to display the traffic of the detected application program through the user interface of the mobile terminal installed with the detected application program.

With reference to the second aspect, in a fourth possible implementation manner, the device further includes:

a judging unit, configured to compare the traffic of the detected application with a preset traffic threshold of the detected application, and if the traffic of the detected application is greater than or equal to the traffic of the detected application When the flow threshold of the program is reached, the user interface of the mobile terminal is used to provide a flow warning prompt.

With reference to the fourth possible implementation manner, in a fifth possible implementation manner, the judging unit includes:

The receiving subunit is configured to receive user operation information sent by the mobile terminal, the user operation information is information about the operation performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting The operation information of the application program, or include the operation information of adding the detected application program to the traffic blacklist;

An operation subunit, configured to perform related operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the In the traffic blacklist.

In a third aspect, a mobile terminal is provided, including: the apparatus for monitoring traffic of an application program described in the second aspect or any one of the first to fifth possible implementation manners of the second aspect.

Different from the prior art, the above technical solution can count the traffic used by all the links initiated by the detected application by determining all the links initiated by the detected application, and use the counted traffic as the The flow of the detected application program, so as to realize the accurate, effective and comprehensive monitoring of the flow of each application program.

Description of drawings

FIG. 1 is a schematic flowchart of a method for monitoring traffic of an application program in Embodiment 1 of the present invention; FIG. 2 is a schematic flowchart of a method for monitoring traffic of an application program in Embodiment 2 of the present invention;

FIG. 3a is a schematic diagram of a user interface display flow provided by a mobile terminal according to an embodiment of the present invention;

Fig. 3b is one of the schematic diagrams of the user interface provided by the mobile terminal according to an embodiment of the present invention to display and intercept the application program running in the background;

Fig. 3c is the second schematic diagram of the user interface provided by the mobile terminal according to an embodiment of the present invention to display and intercept the application program running in the background;

Fig. 3d is the third schematic diagram of the user interface provided by the mobile terminal according to an embodiment of the present invention to display and intercept the application program running in the background;

FIG. 4 is a schematic flowchart of a traffic monitoring method for an application program in Embodiment 3 of the present invention;

FIG. 5 is a schematic flow diagram of a part of the traffic monitoring method of an application program in Embodiment 3 of the present invention;

FIG. 6 is a block diagram of a flow monitoring device of an application program according to Embodiment 4 of the present invention;

FIG. 7 is a schematic diagram of another module of the flow monitoring device of the fourth application program of the present invention;

FIG. 8 is a block diagram of a judgment unit in Embodiment 4 of the present invention;

9 is a schematic diagram of a flow monitoring system applicable to Embodiment 5 of the present invention;

Fig. 10 is a system schematic diagram of another flow monitoring system applicable to the embodiment of the present invention.

Detailed ways

In order to explain in detail the technical content, structural features, achieved goals and effects of the technical solution, the following will be described in detail in conjunction with specific embodiments and accompanying drawings.

Embodiments of the invention may be applied to computer systems/servers that are operational with numerous other general purpose or special purpose computing system environments or configurations. Examples of well-known computing systems, environments and/or configurations suitable for use with computer systems/servers include, but are not limited to: personal computer systems, server computer systems, thin clients, thick clients, handheld or laptop devices, Microprocessor-based systems, set-top boxes, programmable consumer electronics, networked personal computers, minicomputer systems, mainframe computer systems, and distributed cloud computing technology environments including any of the above, etc.

Computer systems/servers may be described in the general context of computer system-executable instructions, such as program modules, being executed by the computer system. Generally, program modules may include routines, programs, objects, components, logic, data structures, etc., that perform particular tasks or implement particular abstract data types. The computer system/server can be practiced in distributed cloud computing environments where tasks are performed by remote processing devices that are linked through a communications network. In a distributed cloud computing environment, program modules may be located in both local and remote computing system storage media including storage devices.

In the embodiment of the present invention, in order to facilitate the use of VPN (Virtual Private Network, Virtual Private Network) services, the operating system of the client opens a plurality of system interfaces (APIs), and the VPN service can be controlled and managed with the confirmation of the user. Permissions for other apps. The embodiment of the present invention opens the VPN service inside the client by calling the API provided by the operating system. When other applications on the client want to access the network, all network connection requests initiated by the application are processed by the local VPN service, so that the client can Efficient and secure access to network resources.

When the client installs or starts the independent application (hereinafter referred to as the application of the present invention) for realizing the solution of the present invention for the first time, the application of the present invention needs to create a local VPN service. At this time, the application of the present invention sends a trust or distrust to the user. If the user chooses to trust the prompt information, the application of the present invention creates a local VPN service. After the local VPN service is created, because the applications in the VPN framework are allowed to have higher control over other applications within the framework of the operating system, the application of the present invention has a higher level of control over network connections than other applications. When the user wants to use some applications and wishes to process the network connections initiated by these applications during the use of these applications, start the above-mentioned application of the present invention for creating local VPN services, click the setting switch of the application of the present invention to start the VPN client . After starting the VPN client, execute the method provided in this embodiment.

Embodiment one

The embodiment of the present invention can be based on the working principle of the VPN of the mobile terminal, the mobile terminal is installed with at least one application program, and the at least one application program can be set as the detected application program; it can also be based on the mobile terminal installed on the terminal. Terminal The working principle of the mobile terminal is that the terminal may be a mobile terminal or a handheld electronic device, and the terminal is installed with at least one application program, and the at least one application program may be set as the detected application program.

In the embodiment of the present invention, the mobile terminal sends the uplink compressed data packet to the billing system (not shown in the drawings) through the established VPN tunnel, and the billing system counts the data volume of the uplink compressed data packet, and converts the data volume into The fee information is recorded into the bill; then, the billing system forwards the uplink compressed data packet to the VPN server. Here, the transmission of data packets does not occur on the public network, but on the virtual private network, which can prevent data from being stolen by unauthorized users and improve the security of data transmission.

For ease of description, it is assumed that this embodiment is based on the working principle of a mobile terminal. Please refer to FIG. 1, which shows a schematic flow chart of the flow monitoring method of the application program in this embodiment, the method comprising:

S101. Determine all links initiated by the detected application according to the detected application ID; here, the detected application ID is unique in the operating system of the mobile terminal and is identical to the detected Apps correspond one-to-one. The data flow of the application program is marked with the unique identifier of the application program, according to the unique identifier (ie the identification mentioned above), and through the traffic status acquisition interface (android.net.TrafficStats) of the mobile terminal, the interface A variety of static methods are provided, which can be directly called to obtain the data flow corresponding to the application.

Before extracting the data flow, first obtain the unique identifier of the application (that is, the identifier mentioned above), the unique identifier is stored in the mobile terminal, and can be obtained through the pre-set calling function. Taking the Andriod system as an example, through the ActivityManager we can Get running activities in the system, including process (Process), application program/package, service (Service), task (Task) information, use ActivityManager's getRunningAppProces (get running process information) method to get RunningAppProcessInfo (running Process information), there will be a unique identifier UID in RunningAppProcessInfo.

S102. Identify valid links among all the links, and count traffic used by the valid links, and use the counted traffic as traffic of the detected application program.

Here, it should be noted that, compared with the method of determining the traffic of the corresponding application program through the process, the method of determining the traffic corresponding to the application program through the application program identifier is more accurate. Because when an application initiates a link that is an invalid link, the application does not consume traffic, but the process of the link still exists in the background of the terminal, so when the traffic of the corresponding application is determined by the running process, it will be more than the actual consumption. The traffic of the corresponding application is large, so this method cannot accurately count the traffic consumed by the corresponding application; and the method of determining the traffic of the corresponding application through the process will also use the communication traffic between the processes in the system as the consumption between the corresponding applications Traffic, obviously these traffic is not based on the traffic generated by the operator, but the amount of data communicated between internal components of the system, and it is unreasonable and inaccurate to count these traffic as the consumption traffic of the corresponding application. The method of determining the traffic of the corresponding application based on the application identifier is to determine the valid link of the corresponding application, and does not count the consumption traffic of the invalid link, and does not count the amount of data communicated between the internal components of the system. It can be known from the above that the method of determining the traffic of the corresponding application based on the application identifier is more reasonable and accurate.

Here, the so-called effective link means that the current terminal has established a data link with the opposite end, and can realize effective data communication between the two terminals.

In this embodiment, by determining all valid links initiated by the detected application, the traffic used by all valid links initiated by the detected application can be counted, and the counted traffic can be used as the detected application Program traffic, so as to achieve accurate, effective and comprehensive monitoring of the traffic of each application program.

Specifically, the identification of valid links among all the links may be implemented in the following ways, including:

Analyzing the URIs corresponding to all the links, and obtaining the host domain names corresponding to all the links;

Judging whether the host domain names corresponding to all the links exist in the preset host blacklist, and determining that the links corresponding to the host domain names existing in the preset host blacklist are invalid links and do not exist in the preset host blacklist The links corresponding to the host domain names in the list are valid links.

In the embodiment of the present invention, in addition to the host blacklist, a blacklist website list and a whitelist website list can also be set in advance, and the website addresses of safe and credible websites and payment websites or websites are stored in the whitelist website list. Other information; Wherein, described safe, credible shopping class website and payment class website can be the website that has gone through pre-authentication, can pass through monitoring server in advance according to the server information of webpage: URL, HOST, network interconnection protocol (Internet Protocol, IP), and related information about the domain name of the web page: Internet Content Provider (Internet Content Provider, ICP) record information (for example, sponsor name, sponsor nature, business scope, review time, etc.), WHOIS information (for example, registration provider, domain name server, related websites, domain name system server, domain name status, update time, creation time, expiration time, weight of domain name in other search engines and page indexing volume, etc.) URLs of shopping websites and payment websites or other website information, among which, dangerous shopping websites and payment websites include phishing websites, malicious links, websites with Trojan horses or viruses, so as to check whether a certain link is valid judge.

When it is determined that a certain link is an invalid link, the request corresponding to the certain link is not returned to the detected application program, thereby saving the traffic of the invalid link. Further, in this embodiment of the present invention, the consumed traffic corresponding to the invalid link may be determined, and the consumed traffic may be used as the saved traffic corresponding to the detected application program. Furthermore, the corresponding saved traffic can also be displayed on the graphical user interface of the mobile terminal, and the specific parameters of saved traffic can be displayed in a more vivid form, as shown in FIG. 3a. The embodiment of the present invention can also identify the source of the invalid link according to the host domain name (host domain name) corresponding to the invalid link, to count which detected application programs are intercepted based on the invalid link, and the total number of intercepted times, for example: identifiable Some plug-in advertisements or some illegal content advertisements are advertisements of which company, and the detected applications based on which these plug-in advertisements are blocked and the number of blocked times can be counted.

Specifically, in this embodiment, the uplink traffic of the invalid link may be acquired, and the corresponding downlink traffic may be determined according to the relationship between the uplink traffic and the downlink traffic, and the uplink traffic and the downlink traffic may be used as the corresponding saving traffic. For flow, it is mainly divided into:

Normal traffic consumption:

The traffic generated during the period when the user actively uses the application (from the user opening the application to exiting the application).

Background download authorized by the user (for example, the user still downloads the application after opting out in the 360 mobile assistant), the traffic consumed.

During background operation, a small amount of traffic is consumed to maintain normal functions. For example, Tencent News will continue to connect to the Internet in the background, and when there are major news events, users can be notified in time.

Sneaky traffic:

The app has never been used by the user since it was turned on this time, and the traffic it consumes is stealth traffic.

The app still consumes a lot of traffic long after the user logs out.

The data consumed by the application, which is automatically loaded and connected to the network after the application is launched from the communication device, and the user has never used the application; and,

After the user chooses to quit the application program used by the user, after the preset download time threshold is exceeded, and the traffic consumed exceeds the preset monitoring traffic threshold.

Furthermore, this embodiment can also reduce the occurrence of "stealing traffic". When the upgrade logic of some applications is unreasonable, for example, when the network environment of the mobile terminal changes from wifi to 3G/2G, but still continues to update a certain application A, or when the application market automatically updates a certain application in the background For application B, the mobile terminal will send the real-time statistical traffic to the server for analysis. When the server analyzes that the traffic of application A is too large due to changes in the network environment or the traffic of application B is automatically updated in the background When it is too large, it will send corresponding interception suggestions to the mobile terminal. For example, for application A, it will issue a prompt message "The network environment has changed from wifi to mobile data network, continuing to update will cause a lot of cost" and displayed on the mobile terminal. For the application program B, an interception instruction will be sent to the mobile terminal, and the mobile terminal will directly close the update process of the application program B after receiving the interception instruction. In addition, the technical solution provided by this embodiment can also be used to count and display the traffic consumption of corresponding applications.

Specifically, the record results for a certain Android application program may contain information indicating security levels such as safety, danger, caution, or Trojan horses. In addition, the security detection results may also include behavior descriptions related to security levels, software descriptions, At least one piece of prompt information such as a time stamp, for example, the prompt information corresponding to the level of "cautious" may be "may result in fee deduction, whether to choose to delete the application".

More specifically, in a preferred embodiment, the security detection result may include security level, behavior description information, software description information and time stamp information. in:

Security level: It can be represented by a 32-bit integer, which can represent four security levels of security, danger, caution, or Trojan horse. The definition of each security level is as described above.

For example, behavior description information: can be represented by a 32-bit (0-31) integer, and can represent software behavior descriptions of various security levels. Among them, one bit can be selected to indicate the flag bit, and the flag bit is 0 to indicate no malicious behavior. If there is malicious behavior, it can be defined: the first bit represents "secretly downloading in the background", the second bit represents "privately sending SMS", and the third bit represents bit for "contains ads", etc. That is, each bit can independently represent a behavioral description of a software.

For the case of secretly downloading in the background, the program is considered to be a blacklist program, and the network behavior of such programs can be considered to be interrupted or closed. When it is judged that the process type of any computer application program is a black process in the blacklist, any operation performed on the application program can display information in a pop-up box on the user interface, prompting the user to process and so on.

After the application of the present invention creates the local VPN service, the application of the present invention has a higher level of control over network connections than other applications. When other applications send a network connection request, the application of the present invention can intercept the network connection request, and redirect the network connection request to the local service process in the application of the present invention for subsequent processing. Taking application A as an example, when the user starts application A to initiate a network connection request to access the content of application A, since the application of the present invention has a higher level of control over the network connection than application A, the application of the present invention intercepts the network connection request and sends the network connection request Redirect to the local service process in the application of the present invention for subsequent processing.

Embodiment two

In the embodiment of the present invention, when other applications send a network connection request, the application of the present invention can intercept the network connection request, and redirect the network connection request to the local service process in the application of the present invention for subsequent processing. Taking the microblog application as an example, when the user starts the microblog application to initiate a network connection request to access the content of the microblog, since the application of the present invention has a higher level of control over the network connection than the microblog application, the application of the present invention intercepts the network connection request and will The network connection request is redirected to the local service process in the application of the present invention for subsequent processing.

For ease of description, it is assumed that this embodiment is based on the working principle of a mobile terminal. In this embodiment, the mobile terminal is further installed with traffic monitoring software, which is used to display the traffic of the detected application program through the user interface of the mobile terminal.

Please refer to FIG. 2, which shows a schematic flow chart of the flow monitoring method of the application program in this embodiment, and the method includes:

S201. Determine all links initiated by the detected application according to the detected application ID; here, the detected application ID is unique in the operating system of the mobile terminal and is identical to the detected Apps correspond one-to-one. The data flow of the application program is marked with the unique identifier of the application program, according to the unique identifier (ie the identification mentioned above), and through the traffic status acquisition interface (android.net.TrafficStats) of the mobile terminal, the interface A variety of static methods are provided, which can be directly called to obtain the data flow corresponding to the application.

Before extracting the data flow, first obtain the unique identifier of the application (that is, the identifier mentioned above), the unique identifier is stored in the mobile terminal, and can be obtained through the pre-set calling function. Taking the Andriod system as an example, through the ActivityManager we can Get running activities in the system, including process (Process), application program/package, service (Service), task (Task) information, use ActivityManager's getRunningAppProces (get running process information) method to get RunningAppProcessInfo (running Process information), there will be a unique identifier UID in RunningAppProcessInfo.

S202. Obtain valid links among all the links, and count the traffic used by the valid links, and use the counted traffic as the traffic of the detected application program.

Here, it should be noted that, compared with the method of determining the traffic of the corresponding application program through the process, the method of determining the traffic corresponding to the application program through the application program identifier is more accurate. Because when an application initiates a link that is an invalid link, the application does not consume traffic, but the process of the link still exists in the background of the terminal, so when the traffic of the corresponding application is determined by the running process, it will be more than the actual consumption. The traffic of the corresponding application is large, so this method cannot accurately count the traffic consumed by the corresponding application; and the method of determining the traffic of the corresponding application through the process will also use the communication traffic between the processes in the system as the consumption between the corresponding applications Traffic, obviously these traffic is not based on the traffic generated by the operator, but the amount of data communicated between internal components of the system, and it is unreasonable and inaccurate to count these traffic as the consumption traffic of the corresponding application. The method of determining the traffic of the corresponding application based on the application identifier is to determine the valid link of the corresponding application, and does not count the consumption traffic of the invalid link, and does not count the amount of data communicated between the internal components of the system. It can be known from the above that the method of determining the traffic of the corresponding application based on the application identifier is more reasonable and accurate.

Here, the so-called effective link means that the current terminal has established a data link with the opposite end, and can realize effective data communication between the two terminals. Specifically, the identification of valid links among all the links may be implemented in the following ways, including:

Analyzing the URIs corresponding to all the links, and obtaining the host domain names corresponding to all the links;

Judging whether the host domain names corresponding to all the links exist in the preset host blacklist, and determining that the links corresponding to the host domain names existing in the preset host blacklist are invalid links and do not exist in the preset host blacklist The links corresponding to the host domain names in the list are valid links.

When it is determined that a certain link is an invalid link, the request corresponding to the certain link is not returned to the detected application program, thereby saving the traffic of the invalid link. Further, in this embodiment of the present invention, the consumed traffic corresponding to the invalid link may be determined, and the consumed traffic may be used as the saved traffic corresponding to the detected application program. Furthermore, the corresponding saved traffic can also be displayed on the graphical user interface of the mobile terminal, and the specific parameters of saved traffic can be displayed in a more vivid form, as shown in FIG. 3a. The embodiment of the present invention can also identify the source of the invalid link according to the host domain name (host domain name) corresponding to the invalid link, to count which detected application programs are intercepted based on the invalid link, and the total number of intercepted times,

For example: It can identify which company's advertisements some plug-in advertisements or some illegal content advertisements belong to, and can count the detected applications based on which these plug-in advertisements are blocked and the number of times they are blocked.

Specifically, in this embodiment, the uplink traffic of the invalid link may be acquired, and the corresponding downlink traffic may be determined according to the relationship between the uplink traffic and the downlink traffic, and the uplink traffic and the downlink traffic may be used as the corresponding saving traffic.

S203. Display the traffic of the detected application program through the user interface of the mobile terminal.

Specifically, in this embodiment, the user interface shown in FIG. 3a can respectively display the traffic counted by each application program at a certain time in a certain day, the total traffic used in a certain day, and the total traffic saved in a certain day, for example, as of yesterday At 22:54, the background traffic usage was 482.7k. Yesterday, a total of 784.k traffic was used, saving a total of 206.8k traffic.

Click the "Networking Firewall" in Figure 3a, and the user interface shown in Figure 3b will appear. In Figure 3b, the local service process of the mobile terminal determines and counts that the mobile terminal has 50 applications running in the background, and displays and recommends " One-key optimization” function, users only need to click the “one-key optimization” button to optimize these 50 applications running in the background at the same time, so that they are prohibited from connecting to the Internet. Click "2/3/4G Prohibited" and "Background 2/3/4G Prohibited", and you can see the applications under the corresponding list, as shown in Figure 3c. Here, it needs to be explained that under the list of "Background 2/3/4G" are all types of applications that are banned, including applications running in the background and front-end, while the list of "Background 2/3/4G" Below are the apps that are banned from running in the background.

If the user wants to check which application programs are applications running in the background or only wants to optimize some applications running in the background, it can be realized through the interface embodiment shown in FIG. 3d. For example, in Figure 3d, when applications such as "Happy Xiaoxiaole" and "UC Browser" are running in the background, these applications will be counted out and "one-key optimization" will be prompted. It is recommended that users click "one-key optimization" to enable The counted applications are prohibited from connecting to the Internet. The mobile terminal can also directly perform selection and optimization of certain application programs through Fig. 3d.

The applications recorded in the background traffic whitelist may be instant messaging applications, such as QQ, WeChat, etc., and these applications recorded in the background traffic whitelist are applications that are allowed to generate background traffic. If it is determined that the first application program does not belong to the application recorded in the background traffic whitelist, then a prompt message is sent to prompt the user to choose to prohibit the network connection behavior of the first application program from generating background traffic.

If it is determined that the first application program belongs to the application recorded in the background traffic whitelist, then according to the above-mentioned process of the embodiment of the present invention, it is judged whether the background traffic generated by the first application program exceeds the preset traffic threshold.

This embodiment can not only realize accurate, effective and comprehensive monitoring of the flow of each application program, but also display the flow of the detected application program, so as to show the user the flow consumption of each application program in the mobile terminal from time to time. Furthermore, this embodiment can also implement a traffic map drawing function, which is used to display and remind the user of the traffic used every day. This embodiment can also realize the function of prohibiting/allowing networking of the application program. When the user finds that the traffic of an application program is abnormal, the networking function of the application program can be prohibited through this function, so as to reduce the consumption of unnecessary traffic.

Furthermore, this embodiment can also reduce the occurrence of "stealing traffic". For example, whether the name of application A is included in the whitelist or blacklist in the predefined database, and/or determine whether the information of the malicious application A includes characteristic data of sneak traffic in the predefined database.

When the upgrade logic of some applications is unreasonable, for example, when the network environment of the mobile terminal changes from wifi to 3G/2G, but still continues to update a certain application A, or when the application market automatically updates a certain application in the background For application B, the mobile terminal will send the real-time statistical traffic to the server for analysis. When the server analyzes that the traffic of application A is too large due to changes in the network environment or the traffic of application B is automatically updated in the background When it is too large, it will send corresponding interception suggestions to the mobile terminal. For example, for application A, it will issue a prompt message "The network environment has changed from wifi to mobile data network, continuing to update will cause a lot of cost" and displayed on the mobile terminal. For the application program B, an interception instruction will be sent to the mobile terminal, and the mobile terminal will directly close the update process of the application program B after receiving the interception instruction. In addition, the technical solution provided by this embodiment can also be used to count and display the traffic consumption of the corresponding application program, and display it through the user interface, and the user can reduce the risk of "stealing traffic" by prohibiting/allowing the networking function occur. Or, when the present embodiment finds that the above-mentioned "stealing traffic" situation occurs, an alarm message of this situation is displayed through the user interface, and the user is reminded to close the "stealing traffic" application program by prohibiting/allowing the networking function.

Embodiment Three

The embodiment of the present invention can be based on the working principle of the mobile terminal, the mobile terminal is installed with at least one application program, and the at least one application program can be set as the detected application program; it can also be based on the mobile terminal mobile terminal installed in the terminal The working principle of the terminal mobile terminal, the terminal may be a mobile terminal or a handheld electronic device, the terminal is installed with at least one application program, and the at least one application program can be set as the detected application program.

For ease of description, it is assumed that this embodiment is based on the working principle of a mobile terminal. In this embodiment, the mobile terminal is further installed with traffic monitoring software, which is used to display the traffic of the detected application program through the user interface of the mobile terminal.

Please refer to FIG. 4, which shows a schematic flow chart of the flow monitoring method of the application program in this embodiment, and the method includes:

S401. Determine all links initiated by the detected application according to the detected application ID; here, the detected application ID is unique in the operating system of the mobile terminal and is identical to the detected Apps correspond one-to-one. The data flow of the application program is marked with the unique identifier of the application program, according to the unique identifier (ie the identification mentioned above), and through the traffic status acquisition interface (android.net.TrafficStats) of the mobile terminal, the interface A variety of static methods are provided, which can be directly called to obtain the data flow corresponding to the application.

Before extracting the data flow, first obtain the unique identifier of the application (that is, the identifier mentioned above), the unique identifier is stored in the mobile terminal, and can be obtained through the pre-set calling function. Taking the Andriod system as an example, through the ActivityManager we can Get running activities in the system, including process (Process), application program/package, service (Service), task (Task) information, use ActivityManager's getRunningAppProces (get running process information) method to get RunningAppProcessInfo (running Process information), there will be a unique identifier UID in RunningAppProcessInfo.

S402. Identify valid links among all the links, and count traffic used by the valid links, and use the counted traffic as traffic of the detected application program.

Here, it should be noted that, compared with the method of determining the traffic of the corresponding application program through the process, the method of determining the traffic corresponding to the application program through the application program identifier is more accurate. Because when an application initiates a link that is an invalid link, the application does not consume traffic, but the process of the link still exists in the background of the terminal, so when the traffic of the corresponding application is determined by the running process, it will be more than the actual consumption. The traffic of the corresponding application is large, so this method cannot accurately count the traffic consumed by the corresponding application; and the method of determining the traffic of the corresponding application through the process will also use the communication traffic between the processes in the system as the consumption between the corresponding applications Traffic, obviously these traffic is not based on the traffic generated by the operator, but the amount of data communicated between internal components of the system, and it is unreasonable and inaccurate to count these traffic as the consumption traffic of the corresponding application. The method of determining the traffic of the corresponding application based on the application identifier is to determine the valid link of the corresponding application, and does not count the consumption traffic of the invalid link, and does not count the amount of data communicated between the internal components of the system. It can be known from the above that the method of determining the traffic of the corresponding application based on the application identifier is more reasonable and accurate.

Here, the so-called effective link means that the current terminal has established a data link with the opposite end, and can realize effective data communication between the two terminals.

Specifically, the identification of valid links among all the links may be implemented in the following ways, including:

Obtain domain name resolution request;

In the process of network access by the client through the domain name, domain name resolution is first required, that is, the domain name registrar resolves to a fixed IP address corresponding to the domain name through a dedicated domain name resolution server, and then accesses the corresponding domain name according to the fixed IP address. The WEB server realizes the whole process of network access. And if the client needs to obtain the advertisement content, it also needs to initiate a domain name resolution request in order to resolve the IP address of the advertisement content provider server. Process; here, the local domain name resolution service process is provided by the local VPN service; before the domain name resolution request is redirected to the local domain name resolution service process, protocol conversion can also be performed. The protocol conversion can be realized by a converter, such as /dev/tun device;

Analyzing the URIs corresponding to all the links, and obtaining the host domain names corresponding to all the links;

Judging whether the host domain names corresponding to all the links exist in the preset host blacklist, and determining that the links corresponding to the host domain names existing in the preset host blacklist are invalid links and do not exist in the preset host blacklist The links corresponding to the host domain names in the list are valid links.

When it is determined that a certain link is an invalid link, the request corresponding to the certain link is not returned to the detected application program, thereby saving the traffic of the invalid link. Further, in this embodiment of the present invention, the consumed traffic corresponding to the invalid link may be determined, and the consumed traffic may be used as the saved traffic corresponding to the detected application program. Furthermore, the corresponding saved traffic can also be displayed on the graphical user interface of the mobile terminal, and the specific parameters of saved traffic can be displayed in a more vivid form, as shown in FIG. 3a. The embodiment of the present invention can also identify the source of the invalid link according to the host domain name (host domain name) corresponding to the invalid link, to count which detected application programs are intercepted based on the invalid link, and the total number of intercepted times, for example: identifiable Some plug-in advertisements or some illegal content advertisements are advertisements of which company, and the detected applications based on which these plug-in advertisements are blocked and the number of blocked times can be counted.

Specifically, in this embodiment, the uplink traffic of the invalid link may be acquired, and the corresponding downlink traffic may be determined according to the relationship between the uplink traffic and the downlink traffic, and the uplink traffic and the downlink traffic may be used as the corresponding saving traffic.

S403. Compare the traffic of the detected application with a preset traffic threshold of the detected application, if the traffic of the detected application is greater than or equal to the traffic of the detected application When the threshold is exceeded, a traffic warning prompt is provided through the user interface of the mobile terminal.

This embodiment can not only realize accurate, effective and comprehensive monitoring of the traffic of each application program, but also provide an early warning prompt through the user interface of the mobile terminal when the traffic of the detected application program is abnormal, reducing the consumption of irrelevant traffic .

Specifically, when the user sees the warning prompt, the detected application can disable the networking function of the detected application through the switch button corresponding to the detected application in 3b.

Please refer to FIG. 5. In order to reduce the consumption of irrelevant traffic, in another specific implementation manner, after the traffic warning prompt through the user interface of the mobile terminal further includes:

S501. Receive user operation information sent by the mobile terminal, where the user operation information is information about operations performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting the application program operation information, or operation information including adding the detected application program to the traffic blacklist;

S502. Perform related operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the traffic hacker list.

In the embodiment of the present invention, to realize prohibiting the application program from performing network connection, the loopback IP address can be returned to the application trying to connect to the network, so that the HTTP request data packet sent to the loopback IP address will be looped back to the sender, and A recipient will not be reached. Thus making the network link invalid. Or by sending a reset message to the traffic statistics APP of the client, wherein, the header of the reset message includes the UID identification of the monitored application program (can be set in the window field), in order to terminate the communication with the monitored application program Internet connection.

This embodiment can not only realize accurate, effective and comprehensive monitoring of the traffic of each application program, but also provide an early warning prompt through the user interface of the mobile terminal when the traffic of the detected application program is abnormal, reducing the consumption of irrelevant traffic . It can assist users to save traffic on mobile terminals, and close unnecessary background applications or advertising programs that consume too much traffic.

Embodiment Four

Please refer to FIG. 6, which shows a schematic diagram of the modules of the flow monitoring device of the application program of this embodiment, and the flow monitoring device includes:

A determining unit 601, configured to determine all links initiated by the detected application according to the identifier of the detected application;

The statistics unit 602 is connected with the determination unit 601, and is configured to identify valid links among all the links, and count the traffic used by the valid links, and use the counted traffic as the traffic of the detected application program.

The statistical unit 602 includes:

The parsing subunit is configured to parse the URIs corresponding to all the links, and obtain the host domain names corresponding to all the links;

The judging subunit is used to judge whether the host domain names corresponding to all the links exist in the preset host blacklist, and determine that the links corresponding to the host domain names in the preset host blacklist are invalid links and do not exist in the default host blacklist. Links corresponding to host domain names in the preset host blacklist are valid links.

Please refer to FIG. 7. In the above first possible implementation manner, the device further includes:

The display unit 603 is configured to display the traffic of the detected application through the user interface of the mobile terminal installed with the detected application.

In the above second possible implementation manner, the device further includes:

A judging unit 604, configured to compare the traffic of the detected application with a preset traffic threshold of the detected application, and if the traffic of the detected application is greater than or equal to the detected When the traffic threshold of the application program is reached, a traffic warning prompt is provided through the user interface of the mobile terminal.

In the above third possible implementation manner, the device further includes:

The saving unit 605 is configured to determine the consumption flow corresponding to the invalid link, and use the consumption flow as the corresponding saving flow.

Referring to FIG. 8, in the above third possible implementation manner, the judging unit 604 includes:

The receiving subunit 6041 is configured to receive user operation information sent by the mobile terminal, the user operation information is information about the operation performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting the operation information of the application program, or including the operation information of adding the detected application program to the traffic blacklist;

The operation subunit 6042 is configured to perform related operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program to the traffic blacklist.

This embodiment is a device embodiment corresponding to Embodiments 1 to 3, and its working principle and beneficial effect are substantially the same as those of Embodiments 1 to 3. Please refer to the description of the foregoing method embodiments, and will not repeat them here.

Embodiment five

This embodiment provides a mobile terminal, including: the apparatus for monitoring traffic of application programs described in Embodiment 4 above. The mobile terminal may be a smart phone, a tablet computer, or the like.

Please refer to FIG. 9 , which shows a diagram of an actual system applicable to this embodiment, and the system includes: at least one mobile terminal 1001 - 100n and a monitoring server 103 . The embodiment of the present invention can be realized based on the local VPN server inside the mobile terminal. In order to facilitate the use of VPN services, the operating system of the mobile terminal has opened a plurality of system interfaces (APIs). When the user confirms, the VPN service can be controlled. and manage permissions for other apps. Specifically, by calling the API provided by the operating system, the VPN service inside the mobile terminal can be enabled. When other applications of the mobile terminal want to access the network, the network connection requests initiated by the application are all processed by the local VPN service or passed through the above traffic. Statistics APP controls local VPN service processing, enabling mobile terminals to effectively and safely access network resources.

The mobile terminal 1001 is a mobile terminal installed with a statistical application program traffic function APP (hereinafter referred to as the traffic statistics APP), and at least one application program is installed in the mobile terminal. traffic for each application. The working principle of the traffic statistics of the mobile terminals 1002-100n is similar to that of the mobile terminal 1001, just refer to the description of the mobile terminal 1001. Specifically, assuming that the mobile terminal 1001 is installed with application program a, application program b, and traffic statistics APP, the traffic statistics APP can perform traffic statistics on application program a, application program b, and traffic statistics APP. For its working principle, please refer to the aforementioned In Embodiments 1 to 4, the mobile terminal 1001 can perform traffic statistics of each application program based on the principle of the aforementioned embodiments 1 to 4. Here, since each application program is monitored and detected by the traffic statistics APP, it is called a detected application program.

More specifically, FIG. 10 shows a specific system diagram to which the embodiment of the present invention is applicable, and the system may include a mobile terminal 1001, a billing system 101, a VPN (Virtual Private Network, Virtual Private Network) server 102 and a monitoring server 103, During the execution of the actual data service, a VPN channel 104 is established among the mobile terminal 1001 , the billing system 101 and the VPN server 102 . Wherein, the mobile terminal 1001 can be a terminal device with mobile networking services such as a smart phone and a tablet computer. In the embodiment of the present invention, a VPN service is created inside the mobile terminal 1001. Here, the mobile terminal 1001 is a client end of a VPN server, namely a VPN client, the data packets used to generate traffic in the embodiment of the present invention are all sent or received through the VPN service. The billing system 101 belongs to the operator system, and is used for traffic billing for the uplink data packets sent by the mobile terminal 1001 and the downlink data packets received. Form billing to get the final bill. VPN server 102 is the equipment that provides VPN service on the server side, and it is the server end of VPN service, namely VPN server. The VPN server, VPN client and the VPN channel established between them cooperate with each other to establish a virtual private network on the public network, thereby realizing remote access. The monitoring server 103 is a server that provides data resources and data flow analysis, and can also provide resource download services. The principle of the mobile terminal 1001 is generally similar to that of FIG. 9 , and details can be referred to the foregoing description. In this system, there may also be multiple mobile terminals, and the principle may refer to the foregoing description.

In the embodiment of the present invention, the uplink data packet here may be an HTTP request data packet for downloading resources provided by the resource server. Before the client wants to send the HTTP request packet, it first compresses the HTTP request packet. The purpose of reducing the amount of data transmission and thus saving traffic is achieved.

After the VPN server receives the uplink compressed data packet, it decompresses the uplink compressed data packet, and then sends it to a corresponding resource server. During the transmission process of the uplink data packet, the billing system has already performed billing processing on the uplink compressed data packet, and the uplink data packet passed by the VPN server to the resource server does not involve billing, so the VPN server decompresses the uplink compressed data packet. After compression, send it to the resource server to request the corresponding resource.

The client is equipped with a compression process. Before the client sends the HTTP request packet, the compression process is called to compress the HTTP request packet. The data volume of the compressed HTTP request packet is smaller than the HTTP request data before compression. packets to achieve the purpose of reducing the amount of data transmission and thus saving traffic.

Optionally, the compression process includes a compression sub-process for compressing HTTP header information and a compression sub-process for compressing upstream data.

Specifically, before compressing the HTTP header information, a character library needs to be established in advance. Generally speaking, there are currently many algorithms for compressing data, making data compression relatively easy to implement. But for the HTTP header information, since the HTTP header information contains character units such as letters and words, and the HTTP header information transmits relatively important information, these characters are not easy to be compressed, and once the compression algorithm fails If it is damaged, it will cause errors in information transmission, which will lead to failure of downloading resources. In view of these problems, the present invention proposes a method of establishing a character library to compress HTTP header information. This compression method has a very low probability of loss and has a certain compression rate.

Specifically, the establishment process of the character library is: select common HTTP request packets, analyze the HTTP header information in these common HTTP request packets through programs, and parse out common characters (including words, words and combinations thereof) therefrom, These characters are sorted according to the frequency of occurrence of these characters, and the characters ranked first are selected to be added to the character library, for example, the characters ranked first 20 are selected. In the present invention, the establishment process of the character library is not limited to the above-mentioned process, and methods aiming at selecting common characters to add to the character library all belong to the protection scope of the present invention.

On the premise that the character library is established in advance, the compression subprocess for compressing the HTTP header information compares the characters contained in the HTTP header information with the characters in the character library. The character contained in the HTTP header information is replaced with the offset value of the character in the character library. Taking the GET information "GET/simple.htm HTTP/1.1" contained in the HTTP header information as an example, the compression sub-process converts characters and character libraries such as "GET", "simple.htm", "HTTP" and "1.1" Compare the characters in the character library, and find that "GET", "HTTP" and "1.1" are all consistent with a character in the character library, then replace these characters with the offset value of the character in the character library, such as: Replace "GET" with "1", "HTTP" with "3", and "1.1" with "5", where "1", "3", and "5" are the corresponding characters in the character library An offset value, the offset value may be the serial number sorted in the above character library, which is not limited in the present invention.

For the uplink data in the uplink data packet, considering that the amount of uplink data transmission is generally much smaller than the amount of downlink data transmission, the embodiment of the present invention preferably uses less system resources when compressing uplink data but the compression rate is not necessarily high. Algorithm, such as Gzip compression algorithm or zlib compression algorithm. The use of this compression algorithm can reduce the occupancy rate of system resources of the client, avoid affecting the running speed of the client, and avoid excessive consumption of power of the client.

Each embodiment in this specification is described in a progressive manner, each embodiment focuses on the difference from other embodiments, and the same and similar parts of each embodiment can be referred to each other.

It can be understood that the above methods and related features in the switch can refer to each other. In addition, "first", "second" and so on in the above embodiments are used to distinguish each embodiment, and do not represent the advantages and disadvantages of each embodiment.

Those skilled in the art can clearly understand that for the convenience and brevity of the description, the specific working process of the above-described system, device and unit can refer to the corresponding process in the foregoing method embodiment, which will not be repeated here.

The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various generic systems can also be used with the teachings based on this. The structure required to construct such a system is apparent from the above description. Furthermore, the present invention is not specific to any particular programming language. It should be understood that various programming languages can be used to implement the content of the present invention described herein, and the above description of specific languages is for disclosing the best mode of the present invention.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail in order not to obscure the understanding of this description.

Similarly, it should be appreciated that in the foregoing description of exemplary embodiments of the invention, in order to streamline this disclosure and to facilitate an understanding of one or more of the various inventive aspects, various features of the invention are sometimes grouped together in a single embodiment, figure, or its description. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in less than all features of a single foregoing disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of this invention.

Those skilled in the art can understand that the modules in the device in the embodiment can be adaptively changed and arranged in one or more devices different from the embodiment. Modules or units or components in the embodiments may be combined into one module or unit or component, and furthermore may be divided into a plurality of sub-modules or sub-units or sub-assemblies. All features disclosed in this specification (including accompanying claims, abstract and drawings) and any method or method so disclosed may be used in any combination, except that at least some of such features and/or processes or units are mutually exclusive. All processes or units of equipment are combined. Each feature disclosed in this specification (including accompanying claims, abstract and drawings) may be replaced by alternative features serving the same, equivalent or similar purpose, unless expressly stated otherwise.

Furthermore, those skilled in the art will understand that although some embodiments described herein include some features included in other embodiments but not others, combinations of features from different embodiments are meant to be within the scope of the invention. and form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, or in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all functions of some or all components in the device provided according to the embodiments of the present invention. The present invention can also be implemented as an apparatus or an apparatus program (for example, a computer program and a computer program product) for performing a part or all of the methods described herein. Such a program for realizing the present invention may be stored on a computer-readable medium, or may be in the form of one or more signals. Such a signal may be downloaded from an Internet site, or provided on a carrier signal, or provided in any other form.

It should be noted that the above-mentioned embodiments illustrate rather than limit the invention, and that those skilled in the art will be able to design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference signs placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, and third, etc. does not indicate any order. These words can be interpreted as names.

On the one hand, the present invention discloses A1, a traffic monitoring method of an application program, comprising:

determining all links initiated by the detected application according to the identifier of the detected application;

Identify valid links among all the links, count the traffic used by the valid links, and use the counted traffic as the traffic of the detected application program.

A2. The method as described in A1, the identifying valid links in all the links includes:

Analyzing the URIs corresponding to all the links, and obtaining the host domain names corresponding to all the links;

Judging whether the host domain names corresponding to all the links exist in the preset host blacklist, and determining that the links corresponding to the host domain names existing in the preset host blacklist are invalid links and do not exist in the preset host blacklist The links corresponding to the host domain names in the list are valid links.

A3. The method according to A2, further comprising: determining the consumption flow corresponding to the invalid link, and using the consumption flow as the corresponding saving flow.

A4. The method as described in A1, after using the counted traffic as the traffic of the detected application program, including:

The traffic of the detected application is displayed through the user interface of the mobile terminal installed with the detected application.

A5. The method as described in A1, after using the counted traffic as the traffic of the detected application program, including:

comparing the traffic of the detected application with a preset traffic threshold of the detected application, if the traffic of the detected application is greater than or equal to the traffic threshold of the detected application , performing a traffic warning prompt through the user interface of the mobile terminal.

A6. The method as described in A5, after the traffic warning prompt is performed through the user interface of the mobile terminal, it includes:

receiving user operation information sent by the mobile terminal, where the user operation information is information on operations performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting the operation of the application program information, or include operational information for adding the detected application to a traffic blacklist;

Perform relevant operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the traffic blacklist .

The present invention also discloses B7, a flow monitoring device for application programs, comprising:

A determining unit, configured to determine all links initiated by the detected application program according to the identifier of the detected application program;

The statistical unit is configured to identify valid links among all the links, and count the traffic used by the valid links, and use the counted traffic as the traffic of the detected application program.

B8, the device as described in B7, the statistical unit includes:

The parsing subunit is configured to parse the URIs corresponding to all the links, and obtain the host domain names corresponding to all the links;

The judging subunit is used to judge whether the host domain names corresponding to all the links exist in the preset host blacklist, and determine that the links corresponding to the host domain names in the preset host blacklist are invalid links and do not exist in the default host blacklist. Links corresponding to host domain names in the preset host blacklist are valid links.

B9. The device according to B8, further comprising a saving unit: configured to determine the consumption flow corresponding to the invalid link, and use the consumption flow as the corresponding saving flow.

B10, the device as described in B7, said device also includes:

The display unit is configured to display the traffic of the detected application program through the user interface of the mobile terminal installed with the detected application program.

B11, the device as described in B7, said device also includes:

a judging unit, configured to compare the traffic of the detected application with a preset traffic threshold of the detected application, and if the traffic of the detected application is greater than or equal to the traffic of the detected application When the flow threshold of the program is reached, the user interface of the mobile terminal is used to provide a flow warning prompt.

B12, the device as described in B11, the judgment unit includes:

The receiving subunit is configured to receive user operation information sent by the mobile terminal, the user operation information is information about the operation performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting The operation information of the application program, or including the operation information of adding the detected application program to the traffic blacklist;

An operation subunit, configured to perform related operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the In the traffic blacklist.

The present invention also discloses C13, a mobile terminal, comprising: a flow monitoring device for an application program according to any one of claims 7-12.

Claims (10)

1. A traffic monitoring method of an application program, comprising: determining all links initiated by the detected application according to the identifier of the detected application; Identify valid links among all the links, count the traffic used by the valid links, and use the counted traffic as the traffic of the detected application program. 2. The method according to claim 1, wherein said identifying valid links in said all links comprises: Analyzing the URIs corresponding to all the links, and obtaining the host domain names corresponding to all the links; Judging whether the host domain names corresponding to all the links exist in the preset host blacklist, and determining that the links corresponding to the host domain names existing in the preset host blacklist are invalid links and do not exist in the preset host blacklist The links corresponding to the host domain names in the list are valid links. 3. The method according to claim 1, characterized in that, after using the statistical traffic as the traffic of the detected application, the method comprises: The traffic of the detected application is displayed through the user interface of the mobile terminal installed with the detected application. 4. The method according to claim 1, characterized in that, after using the statistical traffic as the traffic of the detected application, the method comprises: comparing the traffic of the detected application with a preset traffic threshold of the detected application, if the traffic of the detected application is greater than or equal to the traffic threshold of the detected application , performing a traffic warning prompt through the user interface of the mobile terminal. 5. The method according to claim 4, characterized in that, after the user interface of the mobile terminal is used for the traffic warning prompt, it includes: receiving user operation information sent by the mobile terminal, where the user operation information is information on operations performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting the operation of the application program information, or include operational information for adding the detected application to a traffic blacklist; Perform relevant operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the traffic blacklist . 6. A traffic monitoring device for an application program, comprising: A determining unit, configured to determine all links initiated by the detected application program according to the identifier of the detected application program; The statistical unit is configured to identify valid links among all the links, and count the traffic used by the valid links, and use the counted traffic as the traffic of the detected application program. 7. The device according to claim 6, wherein the statistical unit comprises: The parsing subunit is configured to parse the URIs corresponding to all the links, and obtain the host domain names corresponding to all the links; The judging subunit is used to judge whether the host domain names corresponding to all the links exist in the preset host blacklist, and determine that the links corresponding to the host domain names in the preset host blacklist are invalid links and do not exist in the default host blacklist. Links corresponding to host domain names in the preset host blacklist are valid links. 8. The device according to claim 6, further comprising: a judging unit, configured to compare the traffic of the detected application with a preset traffic threshold of the detected application, and if the traffic of the detected application is greater than or equal to the traffic of the detected application When the flow threshold of the program is reached, the user interface of the mobile terminal is used to provide a flow warning prompt. 9. The device according to claim 8, wherein the judging unit comprises: The receiving subunit is configured to receive user operation information sent by the mobile terminal, the user operation information is information about the operation performed by the user on the detected application program through the user interface of the mobile terminal, including closing or prohibiting The operation information of the application program, or include the operation information of adding the detected application program to the traffic blacklist; An operation subunit, configured to perform related operations according to the user operation information, including closing the detected application program, or prohibiting the application program from connecting to the network, or saving the identification of the detected application program in the In the traffic blacklist. 10. A mobile terminal, characterized by comprising: the flow monitoring device for the application program according to any one of claims 6-9.