CN112784272B - Application processing method, device, electronic equipment, system and storage medium - Google Patents
Application processing method, device, electronic equipment, system and storage medium
- Publication number
- CN112784272B (application number CN202110104147.5A)
- Authority
- CN
- China
- Prior art keywords
- sensitive function
- call set
- source code
- function call
- target application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Classifications
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING OR CALCULATING; COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformation of program code
- G06F8/53—Decompilation; Disassembly
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- General Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- General Health & Medical Sciences (AREA)
- Virology (AREA)
- Stored Programmes (AREA)
Abstract
The embodiment of the invention discloses an application processing method, an application processing device, electronic equipment, an application processing system and a storage medium, wherein the application processing method comprises the following steps: decompiling an installation package of a target application program to obtain a target file; determining a static analysis sensitive function call set of the target application program according to the target file and the first preset sensitive function library; acquiring a dynamic analysis sensitive function call set of the target application program from the test equipment, wherein the dynamic analysis sensitive function call set is determined by the test equipment according to a second preset sensitive function library in the running process of the target application program; and generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set. The embodiment of the invention can improve the detection efficiency of the sensitive function, so that the detection result is more accurate and comprehensive.
Description
Technical Field
The present invention relates to computer technology, and in particular, to an application processing method, apparatus, electronic device, system, and storage medium.
Background
In the process of realizing the invention, the inventor found that, during verification, the files obtained by decompiling the installation package must be inspected manually to determine which sensitive functions the application program calls. Sensitive functions are functions that invoke sensitive permissions, which may include permissions related to user privacy information (such as the address book and short messages), permissions related to sensitive operation capabilities (such as the camera and microphone), and the like. Detecting sensitive functions manually is not intuitive and is inefficient. In addition, manually inspecting the files obtained by decompiling the installation package is a static detection method that does not consider whether the sensitive function is actually used; when a sensitive function is not used, the detection result is not accurate enough.
Disclosure of Invention
The embodiment of the invention provides an application processing method, an application processing device, an electronic device, an application processing system and a storage medium, which can improve the detection efficiency of a sensitive function and enable a detection result to be more accurate and comprehensive.
In a first aspect, an embodiment of the present invention provides an application processing method, where the method includes:
decompiling an installation package of a target application program to obtain a target file;
determining a static analysis sensitive function call set of the target application program according to the target file and a first preset sensitive function library;
acquiring a dynamic analysis sensitive function call set of the target application program from test equipment, wherein the dynamic analysis sensitive function call set is determined by the test equipment according to a second preset sensitive function library in the running process of the target application program;
and generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set.
In a second aspect, an embodiment of the present invention provides another application processing method, including:
operating a target application program, and determining whether the target application program calls a sensitive function according to a second preset sensitive function library in the operation process;
when the target application program calls the sensitive function, generating a dynamic analysis sensitive function call set according to the sensitive function;
and sending the dynamic analysis sensitive function call set to a server.
In a third aspect, an embodiment of the present invention provides an application processing apparatus, including:
the decompiling module is used for decompiling the installation package of the target application program to obtain a target file;
the first determining module is used for determining a static analysis sensitive function call set of the target application program according to the target file and a first preset sensitive function library;
the acquisition module is used for acquiring a dynamic analysis sensitive function call set of the target application program from test equipment, wherein the dynamic analysis sensitive function call set is determined by the test equipment according to a second preset sensitive function library in the running process of the target application program;
and the first generation module is used for generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set.
In a fourth aspect, an embodiment of the present invention provides another application processing apparatus, including:
the second determining module is used for running the target application program and determining whether the target application program calls a sensitive function or not according to a second preset sensitive function library in the running process;
the second generation module is used for generating a dynamic analysis sensitive function call set according to the sensitive function when the sensitive function is called by the target application program;
and the sending module is used for sending the dynamic analysis sensitive function call set to a server.
In a fifth aspect, an embodiment of the present invention further provides an electronic device, including a memory, a processor, and a computer program stored in the memory and capable of running on the processor, where the processor executes the program to implement an application processing method according to any one of the embodiments of the present invention.
In a sixth aspect, an embodiment of the present invention further provides an application processing system comprising a terminal, a server for executing the application processing method according to any one of the embodiments of the present invention, and a test device for executing the application processing method according to any one of the embodiments of the present invention.
In a seventh aspect, an embodiment of the present invention further provides a computer readable storage medium, on which a computer program is stored, which when executed by a processor implements an application processing method according to any one of the embodiments of the present invention.
In the embodiment of the invention, the installation package of the target application program can be decompiled to obtain the target file; determining a static analysis sensitive function call set of the target application program according to the target file and the first preset sensitive function library; acquiring a dynamic analysis sensitive function call set of the target application program from the test equipment, wherein the dynamic analysis sensitive function call set is determined by the test equipment according to a second preset sensitive function library in the running process of the target application program; and generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set. In the embodiment of the invention, the sensitive function called by the target application program can be automatically detected, a sensitive function detection set is generated for the target application program, and compared with a manual detection method, the detection efficiency of the sensitive function is improved; in the detection process, a sensitive function detection set is generated for a target application program according to a static analysis sensitive function call set determined by the server and a dynamic analysis sensitive function call set determined by test equipment in the running process of the application program, and meanwhile, a static detection method and a dynamic detection method are adopted, and a dynamic detection result and a static detection result are combined, so that the detection result is more accurate and comprehensive.
In addition, during static detection, static detection results in different dimensions are obtained according to code files in different formats obtained through decompilation and preset sensitive function libraries in different dimensions, and the static detection results in different dimensions are combined, so that missing detection is avoided, and the comprehensiveness of the static detection results is improved.
Further, during dynamic detection, an application program is operated in a sandbox program, and different operation scenes are switched, so that the comprehensiveness of a dynamic detection result is improved; the hook function is utilized to generate a dynamic analysis sensitive function call set, so that the service condition of the sensitive function is accurately captured, and the accuracy of a dynamic detection result is improved.
Drawings
Fig. 1 is a schematic flow chart of an application processing method according to an embodiment of the present invention.
Fig. 2 is a schematic flow chart of a rights auditing method according to an embodiment of the present invention.
Fig. 3 is another flow chart of an application processing method according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of an application processing device according to an embodiment of the present invention.
Fig. 5 is another schematic structural diagram of an application processing device according to an embodiment of the present invention.
Fig. 6 is a schematic structural diagram of an application processing system according to an embodiment of the present invention.
Fig. 7 is a schematic structural diagram of an electronic device according to an embodiment of the present invention.
Detailed Description
The invention is described in further detail below with reference to the drawings and examples. It is to be understood that the specific embodiments described herein are merely illustrative of the invention and are not limiting thereof. It should be further noted that, for convenience of description, only some, but not all of the structures related to the present invention are shown in the drawings.
Fig. 1 is a schematic flow chart of an application processing method according to an embodiment of the present invention, where the method may be performed by an application processing device according to an embodiment of the present invention, and the device may be implemented in software and/or hardware. In a specific embodiment, the apparatus may be integrated in a server. The following embodiments will be described taking the example that the apparatus is integrated in a server. Referring to fig. 1, the method may specifically include the steps of:
Step 101, decompiling an installation package of a target application program to obtain a target file.
For example, the target application may be an application that needs sensitive function detection. It may be an Android (mobile operating system developed by Google) application or an iOS (mobile operating system developed by Apple) application; the description below takes an Android application as the example. Specifically, the target file may be obtained by decompiling the installation package of the target application program with a decompiling tool. The installation package may be an APK (Android application package) or a software development kit (Software Development Kit, SDK) package. Decompiling tools include apktool, dex2jar, jd-gui, jadx, AXMLPrinter2, etc. The target file may include at least one of a smali (register-based language) code file and a source code file; the source code file may be, for example, a Java file, a Kotlin file, etc.
For example, the installation package can be decompiled and parsed with apktool or AXMLPrinter2 to obtain the classes.dex file, etc.; the classes.dex file can be decompiled with baksmali to obtain smali code files; and the classes.dex file can be converted with dex2jar into a Java archive with the .jar suffix, which jd-gui then parses into .java files, thereby obtaining the source code files.
Step 102, determining a static analysis sensitive function call set of the target application program according to the target file and the first preset sensitive function library.
The static analysis sensitive function call set contains the sensitive functions called by the target application program as determined by a static analysis method, and may contain one or more sensitive functions. A static analysis method is an analysis method that does not run the target application program.
By way of example, a sensitive function may refer to a function that invokes sensitive permissions, which may include permissions related to user privacy information (e.g., address book, text messages, etc.), permissions related to sensitive operation capabilities (e.g., camera, microphone, etc.), and so forth. Permissions in the Android system are explicitly divided into two types, normal permissions (Normal Permission) and dangerous permissions (Dangerous Permission); dangerous permissions are sensitive permissions.
For ease of management, the Android system organizes permissions with similar functions, such as the read external storage permission READ_EXTERNAL_STORAGE and the write external storage permission WRITE_EXTERNAL_STORAGE, into a number of permission groups (Permission Groups). All permissions in the same group can be granted at the same time. In practice, the following two situations can occur:
(1) If the application requests a dangerous permission that has been declared in the global configuration file AndroidManifest.xml, and the application has not yet obtained any permission in the permission group to which the dangerous permission belongs, the system pops up a dialog box asking the user to grant the permissions in that group (but does not indicate which permissions are in the group).
(2) If the application requests a dangerous permission that has been declared in the global configuration file AndroidManifest.xml, and the application has already obtained any one of the permissions in the permission group to which the dangerous permission belongs, the system grants the request immediately without any interaction with the user.
Normal permissions and dangerous permissions can be distinguished by checking whether the permission infringes on the user's privacy. A permission such as setting the system time zone does not involve user privacy and is therefore a normal permission; a permission such as reading contact information clearly touches the user's private data and is therefore a dangerous permission.
In a specific implementation, the first preset sensitive function library may be previously established according to the following method:
(1) Acquire characteristic information of a preset sensitive function.
The preset sensitive function may be any function marked as a sensitive function, and there are a large number of preset sensitive functions. The characteristic information of a preset sensitive function may include the name of the preset sensitive function, the class name of the class to which it belongs, its description information, the name of the sensitive permission corresponding to it, and the like, which are not particularly limited herein.
For example, the characteristic information of the preset sensitive function can be crawled by utilizing the web crawler, and then the characteristic information of the preset sensitive function crawled by the web crawler can be obtained; or the characteristic information of the preset sensitive function can be collected through a manual collection mode, for example, the characteristic information of the preset sensitive function can be tidied through a manual mode, and then the tidied characteristic information of the preset sensitive function is uploaded to a server through a terminal, so that the characteristic information of the preset sensitive function uploaded by the terminal can be obtained; in addition, the characteristic information of the preset sensitive function crawled by the web crawler and the characteristic information of the preset sensitive function uploaded by the terminal can be obtained at the same time, and the method is not particularly limited.
(2) Create a preset sensitive function library according to the characteristic information of the preset sensitive function.
For example, query information can be constructed according to the characteristic information of the preset sensitive function, and a preset sensitive function library is constructed according to the constructed query information; for example, the constructed query information may be stored in a preset database, so as to obtain a preset sensitive function library.
Specifically, when determining the sensitive function called by the target application program, query information may be extracted from a preset sensitive function library, and the target file is queried by using the query information, so as to obtain the sensitive function called by the target application program, where the queried sensitive function may include one or more sensitive functions, and a static analysis sensitive function call set is generated for the target application program according to the queried sensitive function.
Step 103, a dynamic analysis sensitive function call set of the target application program is obtained from the test equipment, and the dynamic analysis sensitive function call set is determined by the test equipment according to a second preset sensitive function library in the running process of the target application program.
The dynamic analysis sensitive function call set contains the sensitive functions called by the target application program as determined by a dynamic analysis method, and may contain one or more sensitive functions. A dynamic analysis method is an analysis method that runs the target application program.
For example, a sandbox program can be installed on the test equipment, and a target application program is operated in the sandbox program, so that an isolation environment is provided for the operation of the target application program by using the sandbox program, and the sensitive function detection is convenient. And in the running process of the target application program, determining whether the target application program calls a sensitive function according to a second preset sensitive function library, executing a pre-written hook function when the target application program calls the sensitive function, writing the sensitive function into a preset set by using the hook function to obtain a dynamic analysis sensitive function call set, then sending the dynamic analysis sensitive function call set to a server, and receiving the dynamic analysis sensitive function call set by the server.
The test device may be a computer device having a storage unit and a microprocessor mounted thereon, such as a mobile phone, a tablet computer, a notebook computer, and a desktop computer.
Step 104, generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set.
For example, the dynamic analysis sensitive function call set may be removed from the static analysis sensitive function call set to obtain a suspected sensitive function detection set, where the suspected sensitive function detection set includes a sensitive function suspected to be called by the target application.
For example, the intersection of the static analysis sensitive function call set and the dynamic analysis sensitive function call set may be calculated to obtain a determined sensitive function detection set, which contains the sensitive functions determined to be called by the target application.
In a specific implementation, the server may execute the application processing method provided by the embodiment of the present invention, perform sensitive function detection on the installation package of each application in advance, generate a sensitive function detection set according to the detection result, store the sensitive function detection set generated for each application, and when receiving a sensitive function detection request sent by the terminal and aiming at the target application, query the storage to obtain a corresponding sensitive function detection set, and feed back the obtained sensitive function detection set to the terminal.
Alternatively, the server can execute the application processing method provided by the embodiment of the invention when it receives a sensitive function detection request for the target application program sent by the terminal, generate a sensitive function detection set for the target application program, and feed the sensitive function detection set back to the terminal.
The terminal can display a sensitive function detection set fed back by the server, and legal compliance departments of enterprises can acquire the condition of the sensitive function called by the target application program by checking the sensitive function detection set.
In the embodiment of the invention, the sensitive function called by the target application program can be automatically detected, a sensitive function detection set is generated for the target application program, and compared with a manual detection method, the detection efficiency of the sensitive function is improved; in the detection process, a sensitive function detection set is generated for a target application program according to a static analysis sensitive function call set determined by the server and a dynamic analysis sensitive function call set determined by test equipment in the running process of the application program, and meanwhile, a static detection method and a dynamic detection method are adopted, and a dynamic detection result and a static detection result are combined, so that the detection result is more accurate and comprehensive.
In a specific embodiment, the first preset sensitive function library may include at least one of a smali sensitive function library, a source code sensitive function library, and a source code reflection sensitive function library, and the static analysis sensitive function call set may be any one of a smali sensitive function call set, a source code sensitive function call set and a source code reflection sensitive function call set, or the union of any two of them, or the union of all three.
The data in the smali sensitive function library, the source code sensitive function library and the source code reflection sensitive function library all represent preset sensitive functions, the number of the preset sensitive functions represented in the three libraries can be the same or different, and it can be understood that the three libraries represent the preset sensitive functions from different dimensions by adopting different data formats.
For example, the smali sensitive function library may represent the preset sensitive function by a name list of the preset sensitive function, for example, the name list may be as follows:
r'Landroid/telephony/TelephonyManager;->getNetworkOperator|getDeviceId|getPhoneType|getSubscriberId|getLine1Number|getCellLocation|listen|getSimOperator'
In the above expression, the prefix r prevents character escaping, L denotes that this is an object type, android/telephony/TelephonyManager is the Java package name, and getNetworkOperator, getDeviceId, getPhoneType, getSubscriberId, getLine1Number, getCellLocation, listen and getSimOperator are the names of different sensitive functions.
Illustratively, the smali-sensitive function call set can be obtained by:
Query the smali code file according to the smali sensitive function library to obtain a smali sensitive function call set. For example, the names of the functions in the smali code file can be matched against the name list of the sensitive functions in the smali sensitive function library, and a smali sensitive function call set is created from the names of the sensitive functions that match.
For example, the source code sensitive function library may represent a preset sensitive function by character strings. The strings are of two types: one type is used to query the class (i.e., the class name of the class to which the sensitive function belongs) and may be referred to as the first character string; the other type is used to query the sensitive function (i.e., the name of the sensitive function) and may be referred to as the second character string.
Taking a sensitive function whose description information is "recorded audio" as an example, the first string may be expressed as:
'string1': 'android.media.MediaRecorder', where android.media.MediaRecorder is a class name;
The second string may be represented as:
'string2': 'setAudioSource', where setAudioSource is the name of the sensitive function.
Illustratively, the source code sensitive function call set may be obtained by:
Query the source code file according to the source code sensitive function library to obtain a source code sensitive function call set. For example, the source code file may be queried for data matching the first string, or matching the second string, or matching both the first string and the second string, and a source code sensitive function call set may be created from the matched data.
Taking the example of querying the source code file for data matching both the first string (string 1) and the second string (string 2), the implementation code of the querying method may be as follows:
For example, the source code reflection sensitive function library may represent a preset sensitive function by regular expressions. The regular expressions are of two types: one type is used to query the class (i.e., the class name of the class to which the sensitive function belongs) and may be referred to as the first regular expression; the other type is used to query the sensitive function (i.e., the name of the sensitive function) and may be referred to as the second regular expression.
Taking a sensitive function whose description information is "HTTP network connection" as an example, the first regular expression may be expressed as:
'regex1': r'HttpURLConnection|org\.apache\.http', where HttpURLConnection and org.apache.http are class names;
the second regular expression may be expressed as:
'regex2': r'openConnection|connect|HttpRequest', where openConnection, connect and HttpRequest are the names of sensitive functions.
In the above expressions, the prefix r prevents characters from being escaped. If a special sequence such as '\t' appears in the string, it is escaped when r is not added, and it keeps its original form when r is added. A backslash prevents a single character from being escaped, and the prefix r is used when multiple backslashes would be needed for escaping.
The first regular expression may contain several class names joined by |; the class names are generally the package names imported in the source code files generated by decompilation. The second regular expression may contain the names of several sensitive functions, also joined by |.
Illustratively, the source code reflection sensitive function call set may be obtained by:
Query the source code file according to the source code reflection sensitive function library to obtain a source code reflection sensitive function call set. For example, the source code file may be queried for data matching the first regular expression, or matching the second regular expression, or matching both the first regular expression and the second regular expression, and a source code reflection sensitive function call set may be created from the matched data.
In a specific embodiment, taking as an example that first target data matched with both the first regular expression (regular expression 1) and the second regular expression (regular expression 2) is queried in the source code file, implementation codes of the query method may be as follows:
In the specific implementation, the source code file is queried through the source code reflection sensitive function library, so that the sensitive function called by the Java reflection mechanism can be obtained, and the comprehensiveness of sensitive function detection is improved.
In the specific implementation, when static analysis is performed, when the static analysis sensitive function call set takes the union set of at least two of the smali sensitive function call set, the source code sensitive function call set and the source code reflection sensitive function call set, the static analysis sensitive function call set is equivalent to sensitive function detection from different dimensionalities, and the comprehensiveness of the detection result can be improved.
In a specific embodiment, during static analysis, when a source code file is queried according to a source code sensitive function library to obtain a source code sensitive function call set, position information of each sensitive function in the source code file in the source code sensitive function call set can also be obtained, and the sensitive function is marked (e.g. highlighted, distinguished and displayed, etc.) in the source code file according to the position information.
When the source code file is queried according to the source code reflection sensitive function library to obtain a source code reflection sensitive function call set, the position information of each sensitive function in the source code file in the source code reflection sensitive function call set can also be obtained, and the sensitive function is marked (such as highlighting, distinguishing display and the like) in the source code file according to the position information.
When the source code sensitive function library and the source code reflection sensitive function library are adopted at the same time, a union set of the position information acquired by the two methods can be taken, and the sensitive functions are marked in the source code file according to the union set.
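The query that matches both regular expressions, together with the position information used for marking, can be sketched as follows. This is an added example, not the patent's own listing: the library entry reuses the page's two patterns, while the sample Java sources, the whole-word matching, the file-level "both match" rule and the names scan_source, call_set and mark are assumptions made for the illustration.

```python
import re
from dataclasses import dataclass

# One library entry in the shape the text describes; the patterns are the
# page's "HTTP network connection" example.
REFLECTION_LIBRARY = [{
    "description": "HTTP network connection",
    "regex1": r"HttpURLConnection|org\.apache\.http",  # class / package names
    "regex2": r"openConnection|connect|HttpRequest",   # sensitive function names
}]

# Constructed decompiled source: the sensitive API is reached only through
# reflection, so its names appear as string literals.
SAMPLE_REFLECTIVE = """\
package com.example.demo;

import java.lang.reflect.Method;

public class Uploader {
    void send(Object url) throws Exception {
        Class<?> c = Class.forName("java.net.HttpURLConnection");
        Method m = c.getMethod("connect");
        Object conn = url.getClass().getMethod("openConnection").invoke(url);
        m.invoke(conn);
    }
}
"""

# Constructed counter-example: a function name matches regex2, but no class
# from regex1 appears anywhere in the file.
SAMPLE_UNRELATED = """\
public class Db {
    void open(Pool pool) { pool.connect(); }
}
"""


@dataclass(frozen=True)
class Hit:
    description: str
    kind: str    # "class" (regex1) or "function" (regex2)
    name: str    # matched text
    line: int    # 1-based line number
    column: int  # 0-based column of the match


def scan_source(source, library=REFLECTION_LIBRARY):
    """Return position-tagged hits for entries whose two patterns both match."""
    hits = []
    lines = source.splitlines()
    for entry in library:
        # Assumption: whole-word matching, so "connect" does not fire on
        # "disconnect" or "reconnectLater".
        patterns = {
            "class": re.compile(r"\b(?:%s)\b" % entry["regex1"]),
            "function": re.compile(r"\b(?:%s)\b" % entry["regex2"]),
        }
        found = {"class": [], "function": []}
        for line_no, text in enumerate(lines, start=1):
            for kind, pattern in patterns.items():
                for m in pattern.finditer(text):
                    found[kind].append(
                        Hit(entry["description"], kind, m.group(0), line_no, m.start()))
        # "Matches both": keep the entry only if regex1 AND regex2 hit this file.
        if found["class"] and found["function"]:
            hits.extend(found["class"] + found["function"])
    return sorted(hits, key=lambda h: (h.line, h.column))


def call_set(hits):
    """Names that go into the source code reflection sensitive function call set."""
    return {h.name for h in hits if h.kind == "function"}


def mark(source, hits):
    """Wrap every hit in [[...]] using its recorded line and column."""
    lines = source.splitlines()
    # Work right to left so earlier columns on the same line stay valid.
    for h in sorted(hits, key=lambda h: (h.line, h.column), reverse=True):
        text = lines[h.line - 1]
        end = h.column + len(h.name)
        lines[h.line - 1] = text[:h.column] + "[[" + text[h.column:end] + "]]" + text[end:]
    return "\n".join(lines)


if __name__ == "__main__":
    found = scan_source(SAMPLE_REFLECTIVE)
    print(sorted(call_set(found)))
    print(mark(SAMPLE_REFLECTIVE, found))
```

Because the match is purely textual, a reflective call whose class or method name is assembled at run time leaves no literal to match; such calls are only visible to the dynamic analysis.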
In a specific embodiment, when the dynamic analysis sensitive function call set of the target application program is obtained from the test equipment, the running characteristic information of the target application program, intercepted with the hook function while the dynamic analysis sensitive function call set was being generated, can also be obtained from the test equipment. The running characteristic information can include a function call stack, a class name, description information and the like. The function call stack contains the original code line number being executed when the sensitive function was called, and the sensitive function can be marked in the original code file of the target application program according to that line number.
It should be noted that there is a certain difference between the original code in the original code file of the target application program and the source code in the source code file obtained by decompilation. By marking the sensitive functions in the source code file and in the original code file respectively, and sending the marked files to the terminal as a detection result, the manager can compare and check the code positions at which the sensitive functions are called, which facilitates compliance verification.
In a specific embodiment, authority verification may also be performed by combining the sensitive functions that are determined to be called with the applied authorities. Specifically, as shown in fig. 2, the method includes the following steps:
Step 201, obtaining a sensitive authority corresponding to a sensitive function in a sensitive function detection set.
For example, there is a correspondence between sensitive functions and sensitive authorities; for example, the sensitive authority corresponding to the sensitive function requestLocationUpdates is ACCESS_FINE_LOCATION, the sensitive authority corresponding to the sensitive function CAMERA.
Step 202, obtaining application rights from a global configuration file obtained by decompiling an installation package of a target application program.
For example, the global configuration file AndroidManifest.xml may be obtained by decompiling the installation package of the target application program with apktool or AXMLPrinter. The AndroidManifest.xml file is the configuration manifest file of the application program, and includes basic information, component information, authority information, and the like of the application program. Basic information of the application includes, for example: the package name, the version code (versionCode), the version name (versionName), whether debugging is allowed (android:debuggable), the application icon (android:icon), the process in which the application program runs, whether multiple processes are allowed (android:multiprocess), and the metadata attributes (meta-data) required by the application, where a meta-data attribute includes the name of the metadata item (android:name), a reference to a resource (android:resource), the value assigned to the item (android:value), and the like. Component information of the application includes, for example: class information, declaration information, etc. of the four major components Activity, Service, BroadcastReceiver and ContentProvider. Authority information of the application includes, for example: system predefined permissions (uses-permission), custom permissions (permission), permission groups (permission-group), permission trees (permission-tree), etc.
Specifically, the system predefined permissions, i.e., the permissions that the application applies to the system, may be obtained from the global configuration file.
Step 203, generating a permission auditing report according to the sensitive permission and the application permission.
For example, the method of generating the permission audit report may be as follows:
(1) Searching for the target authority according to the matching relation between the sensitive authority and the application authority.
For example, the application authority can be searched for authorities that do not match any sensitive authority, to obtain the redundant application authority; that is, authorities that exist in the application authority but do not exist in the sensitive authority are searched for. A redundant application authority is usually an authority that was applied for but is not used, and is a non-compliant authority;
The sensitive authority can be searched for authorities that do not match any application authority, to obtain the redundant use authority; that is, authorities that exist in the sensitive authority but do not exist in the application authority are searched for. A redundant use authority is usually an authority that is used without having been applied for, and is an illegal authority;
The sensitive authority can be searched for authorities that match an application authority but have no authorization request information configured, to obtain the illegal use authority; that is, authorities that exist in both the sensitive authority and the application authority but have no authority notification information configured are searched for. An illegal use authority is usually an authority that was applied for and is used, but for which authorization was not requested or the user was not notified of the use, and is an illegal authority.
(2) Generating a permission auditing report according to the target authority.
For example, the target authority may be marked with an audit trail including, but not limited to, redundant application authority, redundant use authority, illegal use authority, non-compliance authority, etc., to obtain an authority audit report.
For example, for a certain application authority A, if the authority A is not included in the sensitive authority, that is, no function requiring the authority A is called in the source code, then the authority A is not used; the application for it is excessive, and it is regarded as an illegal authority.
For another example, for a certain application authority A, if the sensitive authority includes the authority A, that is, the source code contains a function that calls the authority A, and the application program has not obtained any authority in the authority group to which the authority A belongs, explicit authority notification information is required to notify the user; if there is no explicit authority notification information to notify the user, the authority is used illegally and is regarded as an illegal authority.
For example, for a certain sensitive authority B, if the authority B does not belong to the applied authorities, i.e. it is called without having been applied for, this is redundant use, and the authority is regarded as an illegal authority.
In a specific implementation, the authority verification report can also be sent to the terminal, and the manager can learn the authority compliance status by checking the report, which makes it convenient for the manager to verify the application program.
It should be noted that performing authority verification with the sensitive functions in the determined sensitive function detection set together with the applied authorities can improve the accuracy of the authority verification result. In practical application, authority verification can also be performed with the sensitive functions in the suspected sensitive function detection set together with the applied authorities, which is not specifically limited herein.
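Steps 201 to 203 can be worked through end to end, starting from the static and dynamic call sets. This is an added example, not code from the patent: only the requestLocationUpdates to ACCESS_FINE_LOCATION pair comes from the page, and the other mapping entries, the sample manifest, the call sets and the notified set (authorities for which authorization request or notification information is configured) are constructed assumptions.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Sensitive function -> sensitive authority. Only the first pair is from the
# page; the other pairs are constructed for this illustration.
FUNCTION_TO_PERMISSION = {
    "requestLocationUpdates": "android.permission.ACCESS_FINE_LOCATION",
    "Camera.open": "android.permission.CAMERA",
    "sendTextMessage": "android.permission.SEND_SMS",
    "getDeviceId": "android.permission.READ_PHONE_STATE",
}

# Constructed AndroidManifest.xml in the decoded form a decompiler emits.
SAMPLE_MANIFEST = """\
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.demo">
    <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
    <uses-permission android:name="android.permission.CAMERA"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <application android:label="demo"/>
</manifest>
"""

# Constructed analysis results and notification configuration.
STATIC_CALLS = {"requestLocationUpdates", "Camera.open", "sendTextMessage", "getDeviceId"}
DYNAMIC_CALLS = {"requestLocationUpdates", "Camera.open", "sendTextMessage"}
NOTIFIED = {"android.permission.ACCESS_FINE_LOCATION"}


def detection_sets(static_calls, dynamic_calls):
    """Determined set = intersection; suspected set = static minus dynamic."""
    return {
        "determined": static_calls & dynamic_calls,
        "suspected": static_calls - dynamic_calls,
    }


def applied_permissions(manifest_xml):
    """Step 202: the uses-permission entries declared in the manifest."""
    root = ET.fromstring(manifest_xml)
    name_attr = "{%s}name" % ANDROID_NS
    return {el.get(name_attr) for el in root.iter("uses-permission")
            if el.get(name_attr)}


def audit(determined_calls, manifest_xml, notified, mapping=FUNCTION_TO_PERMISSION):
    """Steps 201 and 203: label every authority that fails one of the checks."""
    # Step 201: authorities implied by the functions confirmed as called.
    sensitive = {mapping[f] for f in determined_calls if f in mapping}
    applied = applied_permissions(manifest_xml)
    report = {}
    for perm in applied - sensitive:             # applied for but never used
        report[perm] = "redundant application authority"
    for perm in sensitive - applied:             # used but never applied for
        report[perm] = "redundant use authority"
    for perm in (sensitive & applied) - notified:  # used, applied, user not told
        report[perm] = "illegal use authority"
    return dict(sorted(report.items()))


if __name__ == "__main__":
    sets = detection_sets(STATIC_CALLS, DYNAMIC_CALLS)
    for perm, label in audit(sets["determined"], SAMPLE_MANIFEST, NOTIFIED).items():
        print(f"{perm}: {label}")
```

Manifests extracted from untrusted installation packages are attacker-controlled XML, so a production auditor should parse them with a hardened parser such as defusedxml rather than the standard-library parser used here.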
It should be understood that, although the steps in the flowcharts of figs. 1 and 2 are shown in the order indicated by the arrows, these steps are not necessarily performed in that order. Unless explicitly stated herein, the execution of the steps is not strictly limited to this order, and the steps may be executed in other orders. Moreover, at least some of the steps in figs. 1 and 2 may comprise a plurality of sub-steps or phases, which are not necessarily performed at the same time but may be performed at different times; nor are these sub-steps or phases necessarily performed in sequence, but they may be performed in turn or alternately with other steps or with at least a portion of the sub-steps or phases of other steps.
Fig. 3 is another flow chart of an application processing method according to an embodiment of the present invention, where the method may be performed by an application processing device according to an embodiment of the present invention, and the device may be implemented in software and/or hardware. In a specific embodiment, the apparatus may be integrated in a test device. The following examples will be described taking the integration of the device in a test apparatus as an example. Referring to fig. 3, the method may specifically include the steps of:
Step 301, running the target application program, and determining whether the target application program calls the sensitive function according to the second preset sensitive function library in the running process.
For example, a sandbox program may be installed on the test device and the target application program run in the sandbox program, so that the sandbox program provides an isolated environment for running the target application program, which facilitates sensitive function detection.
In a specific implementation, when the target application program is run in the sandbox program, it can be switched between different scenarios to achieve comprehensive detection of sensitive functions. Examples of different scenarios include: a foreground scenario, a scenario of switching to the background with the home key, a scenario of switching to the foreground with the home key, a screen locking scenario, an unlocking scenario, a communication scenario, a device restart scenario, etc.
In the process of operating the target application program, determining whether the target application program calls the sensitive function according to the second preset sensitive function library, for example, whether the function called by the target application program belongs to the second preset sensitive function library can be monitored in the process of operating, and when the function called by the target application program belongs to the second preset sensitive function library, determining that the target application program calls the sensitive function.
In a specific implementation, the method for creating the second preset sensitive function library may be similar to the method for creating the first preset sensitive function library, which is not described herein. The second preset sensitive function library may be created by a specific server and sent to the test device, or may be created by the test device itself.
Step 302, when the target application program calls the sensitive function, a dynamic analysis sensitive function call set is generated according to the sensitive function.
By way of example, when the target application program calls the sensitive function, a pre-written hook function can be executed, and the hook function writes the sensitive function into a preset set to obtain the dynamic analysis sensitive function call set. Using the hook function captures the use of sensitive functions accurately and improves the accuracy of the dynamic detection result.
Step 303, sending the dynamic analysis sensitive function call set to the server.
Specifically, after the dynamic analysis sensitive function call set is sent to the server, the server may generate a sensitive function detection set for the target application program according to the static analysis sensitive function call set generated by the server and the dynamic analysis sensitive function call set.
In addition, when the target application program calls the sensitive function, the hook function can be used to intercept the running characteristic information of the target application program. The running characteristic information can include a function call stack, a class name, description information and the like, where the function call stack contains the original code line number being executed when the sensitive function is called. The running characteristic information is sent to the server, so that the server marks the sensitive function in the original code file of the target application program according to the original code line number.
In the embodiment of the invention, the sensitive function called by the target application program can be automatically detected, a sensitive function detection set is generated for the target application program, and compared with a manual detection method, the detection efficiency of the sensitive function is improved; in the detection process, a sensitive function detection set is generated for a target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set, and the dynamic detection result and the static detection result are combined, so that the detection result is more accurate and comprehensive.
Fig. 4 is a block diagram of an application processing apparatus according to an embodiment of the present invention, where the apparatus is adapted to execute an application processing method according to an embodiment of the present invention. As shown in fig. 4, the apparatus may specifically include:
Decompilation module 401, configured to decompile an installation package of a target application program to obtain a target file;
A first determining module 402, configured to determine a static analysis sensitive function call set of the target application according to the target file and a first preset sensitive function library;
An obtaining module 403, configured to obtain a dynamic analysis sensitive function call set of the target application from a testing device, where the dynamic analysis sensitive function call set is determined by the testing device according to a second preset sensitive function library during an operation process of the target application;
A first generating module 404, configured to generate a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set.
In one embodiment, the target file includes at least one of a smali code file and a source code file;
the first preset sensitive function library comprises at least one of a smali sensitive function library, a source code sensitive function library and a source code reflection sensitive function library;
The static analysis sensitive function call set comprises any one of a smali sensitive function call set, a source code sensitive function call set and a source code reflection sensitive function call set, or a union of any two or a union of the three.
In one embodiment, the smali sensitive function call set is obtained by:
Querying the smali code file according to the smali sensitive function library to obtain the smali sensitive function call set.
In one embodiment, the source code sensitive function call set is obtained by:
Querying the source code file according to the source code sensitive function library to obtain the source code sensitive function call set.
In one embodiment, the source code reflection sensitive function call set is obtained by:
Querying the source code file according to the source code reflection sensitive function library to obtain the source code reflection sensitive function call set.
In one embodiment, the first generating module 404 generates a sensitive function detection set for the target application according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set, including:
Removing the dynamic analysis sensitive function call set from the static analysis sensitive function call set to obtain a suspected sensitive function detection set.
In one embodiment, the first generating module 404 generates a sensitive function detection set for the target application according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set, including:
Calculating the intersection of the static analysis sensitive function call set and the dynamic analysis sensitive function call set to obtain a determined sensitive function detection set.
In one embodiment, the first generating module 404 is further configured to:
Acquiring the sensitive authority corresponding to the sensitive function in the determined sensitive function detection set;
Acquiring application rights from a global configuration file obtained by decompiling an installation package of a target application program;
Generating a permission auditing report according to the sensitive permission and the application permission.
In one embodiment, the apparatus further comprises:
An interaction module, configured to receive a sensitive function detection request for the target application program sent by the terminal, and to send the sensitive function detection set to the terminal.
It will be apparent to those skilled in the art that, for convenience and brevity of description, only the above-described division of the functional modules is illustrated, and in practical application, the above-described functional allocation may be performed by different functional modules according to needs, i.e. the internal structure of the apparatus is divided into different functional modules to perform all or part of the functions described above. The specific working process of the functional module described above may refer to the corresponding process in the foregoing method embodiment, and will not be described herein.
The device provided by the embodiment of the invention can automatically detect the sensitive function called by the target application program, and generate a sensitive function detection set for the target application program, so that compared with a manual detection method, the sensitive function detection efficiency is improved; in the detection process, a sensitive function detection set is generated for a target application program according to a static analysis sensitive function call set determined by the server and a dynamic analysis sensitive function call set determined by test equipment in the running process of the application program, and meanwhile, a static detection method and a dynamic detection method are adopted, and a dynamic detection result and a static detection result are combined, so that the detection result is more accurate and comprehensive.
Fig. 5 is another block diagram of an application processing apparatus according to an embodiment of the present invention, where the apparatus is adapted to execute an application processing method according to an embodiment of the present invention. As shown in fig. 5, the apparatus may specifically include:
A second determining module 501, configured to run a target application, and determine, during the running process, whether the target application calls a sensitive function according to a second preset sensitive function library;
a second generating module 502, configured to generate a dynamic analysis sensitive function call set according to the sensitive function when the target application program calls the sensitive function;
a sending module 503, configured to send the dynamic analysis sensitive function call set to a server.
In one embodiment, the second determining module 501 runs the target application program, including:
Running the target application program in a sandbox program.
In one embodiment, the second determining module 501 determines, during the running process, whether the target application program calls a sensitive function according to a second preset sensitive function library, including:
Monitoring, during the running process, whether the function called by the target application program belongs to the second preset sensitive function library;
When the function called by the target application program belongs to the second preset sensitive function library, determining that the target application program calls the sensitive function.
In one embodiment, the second generating module 502 generates a dynamic analysis sensitive function call set according to the sensitive function, including:
Writing the sensitive function into a preset set by running a hook function to obtain the dynamic analysis sensitive function call set.
The device provided by the embodiment of the invention can automatically detect the sensitive function called by the target application program, and generate a sensitive function detection set for the target application program, so that compared with a manual detection method, the sensitive function detection efficiency is improved; in the detection process, a sensitive function detection set is generated for a target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set, and the dynamic detection result and the static detection result are combined, so that the detection result is more accurate and comprehensive.
The embodiment of the invention also provides electronic equipment, which comprises a memory, a processor and a computer program stored in the memory and capable of running on the processor, wherein the processor realizes the application program processing method provided by any embodiment when executing the program.
The embodiment of the invention also provides a computer readable medium, on which a computer program is stored, the program, when executed by a processor, implementing the application program processing method provided in any of the above embodiments.
Fig. 6 illustrates an exemplary system architecture to which an application processing method or an application processing apparatus of an embodiment of the present invention may be applied.
As shown in fig. 6, the system architecture may include a terminal 601, a server 602 for executing the application processing method of the embodiment of the present invention, and a test device 603 for executing the application processing method of the embodiment of the present invention.
A network is included between the terminal 601, the server 602 and the test device 603. The network serves as a medium providing communication links and may include various connection types, such as wired or wireless communication links, fiber optic cables, etc. For the interaction between the devices, refer to the description of the foregoing embodiments, which is not repeated herein.
Referring now to FIG. 7, there is illustrated a schematic diagram of a computer system 700 suitable for use in implementing an electronic device of an embodiment of the present invention. The electronic device shown in fig. 7 is only an example and should not be construed as limiting the functionality and scope of use of the embodiments of the invention.
As shown in fig. 7, the computer system 700 includes a Central Processing Unit (CPU) 701, which can perform various appropriate actions and processes according to a program stored in a Read Only Memory (ROM) 702 or a program loaded from a storage section 708 into a Random Access Memory (RAM) 703. In the RAM 703, various programs and data required for the operation of the system 700 are also stored. The CPU 701, ROM 702, and RAM 703 are connected to each other through a bus 704. An input/output (I/O) interface 705 is also connected to bus 704.
The following components are connected to the I/O interface 705: an input section 706 including a keyboard, a mouse, and the like; an output section 707 including a Cathode Ray Tube (CRT), a Liquid Crystal Display (LCD), and the like, a speaker, and the like; a storage section 708 including a hard disk or the like; and a communication section 709 including a network interface card such as a LAN card, a modem, or the like. The communication section 709 performs communication processing via a network such as the internet. The drive 710 is also connected to the I/O interface 705 as needed. A removable medium 711 such as a magnetic disk, an optical disk, a magneto-optical disk, a semiconductor memory, or the like is mounted on the drive 710 as necessary, so that a computer program read therefrom is installed into the storage section 708 as necessary.
In particular, according to embodiments of the present disclosure, the processes described above with reference to flowcharts may be implemented as computer software programs. For example, embodiments of the present disclosure include a computer program product comprising a computer program embodied on a computer readable medium, the computer program comprising program code for performing the method shown in the flow chart. In such an embodiment, the computer program may be downloaded and installed from a network via the communication portion 709, and/or installed from the removable medium 711. The above-described functions defined in the system of the present invention are performed when the computer program is executed by a Central Processing Unit (CPU) 701.
The computer readable medium shown in the present invention may be a computer readable signal medium or a computer readable storage medium, or any combination of the two. The computer readable storage medium can be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or a combination of any of the foregoing. More specific examples of the computer-readable storage medium may include, but are not limited to: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. In the present invention, however, the computer-readable signal medium may include a data signal propagated in baseband or as part of a carrier wave, with the computer-readable program code embodied therein. Such a propagated data signal may take any of a variety of forms, including, but not limited to, electro-magnetic, optical, or any suitable combination of the foregoing. A computer readable signal medium may also be any computer readable medium that is not a computer readable storage medium and that can communicate, propagate, or transport a program for use by or in connection with an instruction execution system, apparatus, or device. Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to: wireless, wire, fiber optic cable, RF, etc., or any suitable combination of the foregoing.
The flowcharts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams or flowchart illustration, and combinations of blocks in the block diagrams or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
The modules and/or units involved in the embodiments of the present invention may be implemented in software, or may be implemented in hardware. The described modules and/or units may also be provided in a processor, e.g., may be described as: a processor includes a decompilation module, a first determination module, an acquisition module, and a first generation module; or may be described as: a processor includes a second determination module, a second generation module, and a transmission module. The names of these modules do not constitute a limitation on the module itself in some cases.
As another aspect, the present invention also provides a computer-readable medium that may be contained in the apparatus described in the above embodiments, or may exist alone without being assembled into the apparatus. The computer readable medium carries one or more programs which, when executed by a device, cause the device to perform the following: decompiling an installation package of a target application program to obtain a target file; determining a static analysis sensitive function call set of the target application program according to the target file and a first preset sensitive function library; acquiring a dynamic analysis sensitive function call set of the target application program from test equipment, wherein the dynamic analysis sensitive function call set is determined by the test equipment according to a second preset sensitive function library in the running process of the target application program; and generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set.
Alternatively, the one or more programs, when executed by a device, cause the device to perform the following: running a target application program, and determining, during the running process, whether the target application program calls a sensitive function according to a second preset sensitive function library; when the target application program calls the sensitive function, generating a dynamic analysis sensitive function call set according to the sensitive function; and sending the dynamic analysis sensitive function call set to a server.
According to the technical scheme provided by the embodiment of the invention, the sensitive function called by the target application program can be automatically detected, a sensitive function detection set is generated for the target application program, and compared with a manual detection method, the sensitive function detection efficiency is improved; in the detection process, a sensitive function detection set is generated for a target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set, and meanwhile, a static detection method and a dynamic detection method are adopted, and a dynamic detection result and a static detection result are combined, so that the detection result is more accurate and comprehensive.
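The combination of static and dynamic results, as an added example that is not code from the patent: hits found in a constructed decompiled source (direct calls and reflection) are combined with a constructed hook log using the set difference of claim 6 and the intersection of claim 7, then audited against manifest permissions as in claim 8. The library contents, sample source, hook log, manifest, name-based matching and the three report categories are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Constructed sensitive function library: function -> permission it requires.
# Assumed contents; the patent does not list what its libraries contain.
SENSITIVE_LIB = {
    "android.telephony.TelephonyManager.getDeviceId": "android.permission.READ_PHONE_STATE",
    "android.location.LocationManager.getLastKnownLocation": "android.permission.ACCESS_FINE_LOCATION",
    "android.media.AudioRecord.startRecording": "android.permission.RECORD_AUDIO",
}

# Constructed decompiled source: two direct calls and one call made via reflection.
DECOMPILED_SOURCE = '''\
package com.example.demo;
class Collector {
    String id(TelephonyManager tm) { return tm.getDeviceId(); }
    Object loc(Object lm) throws Exception {
        Class<?> c = Class.forName("android.location.LocationManager");
        return c.getMethod("getLastKnownLocation", String.class).invoke(lm, "gps");
    }
    void rec(AudioRecord r) { if (BuildConfig.DEBUG) r.startRecording(); }
}
'''

# Constructed hook log from the test device: functions seen at run time,
# each with the original code line number taken from the call stack.
HOOK_LOG = [
    {"function": "android.telephony.TelephonyManager.getDeviceId", "original_line": 41},
    {"function": "android.location.LocationManager.getLastKnownLocation", "original_line": 57},
]

# Constructed global configuration file (AndroidManifest.xml).
MANIFEST = '''\
<manifest xmlns:android="http://schemas.android.com/apk/res/android" package="com.example.demo">
    <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
    <uses-permission android:name="android.permission.RECORD_AUDIO"/>
    <uses-permission android:name="android.permission.CAMERA"/>
</manifest>
'''

def static_call_set(source, library):
    """Query the source against the library; return {function: [(line, kind)]}.
    Matching on the bare method name is a simplification for this example."""
    hits = {}
    for lineno, line in enumerate(source.splitlines(), start=1):
        for func in library:
            method = re.escape(func.rsplit(".", 1)[1])
            if re.search(rf"\.{method}\s*\(", line):
                hits.setdefault(func, []).append((lineno, "direct"))
            elif re.search(rf'getMethod\(\s*"{method}"', line):
                hits.setdefault(func, []).append((lineno, "reflection"))
    return hits

def detection_sets(static_hits, dynamic_calls):
    """Return (suspected, determined) sensitive function detection sets."""
    static_set = set(static_hits)
    suspected = static_set - dynamic_calls   # present in code, never observed running
    determined = static_set & dynamic_calls  # present in code and observed running
    return suspected, determined

def permission_audit(determined, library, manifest_xml):
    """Compare permissions needed by determined functions with declared ones."""
    root = ET.fromstring(manifest_xml)
    declared = {e.get(ANDROID_NS + "name") for e in root.iter("uses-permission")}
    needed = {library[f] for f in determined}
    return {
        "exercised_and_declared": sorted(needed & declared),
        "exercised_not_declared": sorted(needed - declared),
        "declared_not_exercised": sorted(declared - needed),
    }

def run_example():
    static_hits = static_call_set(DECOMPILED_SOURCE, SENSITIVE_LIB)
    dynamic_calls = {entry["function"] for entry in HOOK_LOG}
    suspected, determined = detection_sets(static_hits, dynamic_calls)
    return suspected, determined, permission_audit(determined, SENSITIVE_LIB, MANIFEST)

if __name__ == "__main__":
    for part in run_example():
        print(part)
```

The debug-only `startRecording` call lands in the suspected set because no run exercised it, which is the case the static pass exists to catch.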
The above embodiments do not limit the scope of the present invention. It will be apparent to those skilled in the art that various modifications, combinations, sub-combinations and alternatives can occur depending upon design requirements and other factors. Any modifications, equivalent substitutions and improvements made within the spirit and principles of the present invention should be included in the scope of the present invention.
Claims (19)
1. An application processing method, comprising:
decompiling an installation package of a target application program to obtain a target file, wherein the target file comprises a source code file;
determining a static analysis sensitive function call set of the target application program according to the target file and a first preset sensitive function library, wherein the first preset sensitive function library comprises a source code sensitive function library and/or a source code reflection sensitive function library, and correspondingly, the static analysis sensitive function call set comprises a source code sensitive function call set and/or a source code reflection sensitive function call set;
acquiring a dynamic analysis sensitive function call set and a function call stack of the target application program from a test device, wherein the dynamic analysis sensitive function call set is determined by the test device according to a second preset sensitive function library while the target application program is running, each sensitive function in the dynamic analysis sensitive function call set is a function that is called by the target application program and belongs to the second preset sensitive function library, and the function call stack comprises the original code line number that the target application program was executing when the sensitive function was called;
generating a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set;
acquiring position information, in the source code file, of each sensitive function in the static analysis sensitive function call set, and marking the sensitive function in the source code file according to the position information;
marking a sensitive function in an original code file of the target application program according to the original code line number;
wherein the original code in the original code file of the target application program is different from the source code in the source code file.
2. The application processing method according to claim 1, wherein,
the target file further comprises a smali code file;
the first preset sensitive function library further comprises a smali sensitive function library;
the static analysis sensitive function call set further comprises a smali sensitive function call set.
3. The application processing method according to claim 2, wherein the smali sensitive function call set is obtained by:
querying the smali code file according to the smali sensitive function library to obtain the smali sensitive function call set.
4. The application processing method according to claim 2, wherein the source code sensitive function call set is obtained by:
querying the source code file according to the source code sensitive function library to obtain the source code sensitive function call set.
5. The application processing method according to claim 2, wherein the source code reflection sensitive function call set is obtained by:
querying the source code file according to the source code reflection sensitive function library to obtain the source code reflection sensitive function call set.
6. The application processing method according to any one of claims 1 to 5, wherein the generating a sensitive function detection set for the target application from the static analysis sensitive function call set and the dynamic analysis sensitive function call set includes:
removing the dynamic analysis sensitive function call set from the static analysis sensitive function call set to obtain a suspected sensitive function detection set.
7. The application processing method according to any one of claims 1 to 5, wherein the generating a sensitive function detection set for the target application from the static analysis sensitive function call set and the dynamic analysis sensitive function call set includes:
calculating an intersection of the static analysis sensitive function call set and the dynamic analysis sensitive function call set to obtain a determined sensitive function detection set.
8. The application processing method according to claim 7, characterized in that the method further comprises:
acquiring the sensitive permission corresponding to each sensitive function in the determined sensitive function detection set;
acquiring application permissions from a global configuration file obtained by decompiling the installation package of the target application program;
and generating a permission audit report according to the sensitive permission and the application permissions.
9. The application processing method according to claim 1, characterized in that the method further comprises:
receiving a sensitive function detection request aiming at the target application program and sent by a terminal;
and sending the sensitive function detection set to the terminal.
10. An application processing method, comprising:
running a target application program, and determining, during the running process, whether the target application program calls a sensitive function according to a second preset sensitive function library;
when the target application program calls the sensitive function, generating a dynamic analysis sensitive function call set according to the sensitive function, wherein each sensitive function in the dynamic analysis sensitive function call set is a function that is called by the target application program and belongs to the second preset sensitive function library;
sending the dynamic analysis sensitive function call set and a function call stack to a server, wherein the function call stack comprises the original code line number that the target application program was executing when the sensitive function was called, so that the server marks the sensitive function in an original code file of the target application program according to the original code line number;
wherein, in a source code file obtained by decompiling an installation package of the target application program, sensitive functions are marked by the server according to the position information, in the source code file, of each sensitive function in a static analysis sensitive function call set, the static analysis sensitive function call set comprises a source code sensitive function call set and/or a source code reflection sensitive function call set, the source code sensitive function call set is determined by the server according to the source code file and a source code sensitive function library, and the source code reflection sensitive function call set is determined by the server according to the source code file and a source code reflection sensitive function library;
wherein the original code in the original code file of the target application program is different from the source code in the source code file.
11. The application processing method according to claim 10, wherein the running the target application includes:
running the target application program in a sandbox program.
12. The application processing method according to claim 10, wherein the running the target application includes:
running the target application program in different scenarios.
13. The application processing method according to claim 10, wherein determining whether the target application calls a sensitive function according to a second preset sensitive function library during the running process includes:
monitoring, during the running process, whether a function called by the target application program belongs to the second preset sensitive function library;
and when the function called by the target application program belongs to the second preset sensitive function library, determining that the sensitive function is called by the target application program.
14. The application processing method according to any one of claims 10 to 13, wherein the generating a dynamic analysis sensitive function call set from the sensitive function includes:
and writing the sensitive function into a preset set by running a hook function to obtain the dynamic analysis sensitive function call set.
15. An application processing apparatus, comprising:
a decompilation module, configured to decompile an installation package of a target application program to obtain a target file, wherein the target file comprises a source code file;
a first determining module, configured to determine a static analysis sensitive function call set of the target application program according to the target file and a first preset sensitive function library, wherein the first preset sensitive function library comprises a source code sensitive function library and/or a source code reflection sensitive function library, and correspondingly, the static analysis sensitive function call set comprises a source code sensitive function call set and/or a source code reflection sensitive function call set;
an acquisition module, configured to acquire a dynamic analysis sensitive function call set and a function call stack of the target application program from a test device, wherein the dynamic analysis sensitive function call set is determined by the test device according to a second preset sensitive function library while the target application program is running, each sensitive function in the dynamic analysis sensitive function call set is a function that is called by the target application program and belongs to the second preset sensitive function library, and the function call stack comprises the original code line number that the target application program was executing when the sensitive function was called;
a first generation module, configured to generate a sensitive function detection set for the target application program according to the static analysis sensitive function call set and the dynamic analysis sensitive function call set; to acquire position information, in the source code file, of each sensitive function in the static analysis sensitive function call set, and mark the sensitive function in the source code file according to the position information; and to mark a sensitive function in an original code file of the target application program according to the original code line number;
wherein the original code in the original code file of the target application program is different from the source code in the source code file.
16. An application processing apparatus, comprising:
a second determining module, configured to run a target application program and determine, during the running process, whether the target application program calls a sensitive function according to a second preset sensitive function library;
a second generation module, configured to generate a dynamic analysis sensitive function call set according to the sensitive function when the target application program calls the sensitive function, wherein each sensitive function in the dynamic analysis sensitive function call set is a function that is called by the target application program and belongs to the second preset sensitive function library;
a sending module, configured to send the dynamic analysis sensitive function call set and a function call stack to a server, wherein the function call stack comprises the original code line number that the target application program was executing when the sensitive function was called, so that the server marks the sensitive function in an original code file of the target application program according to the original code line number;
wherein, in a source code file obtained by decompiling an installation package of the target application program, sensitive functions are marked by the server according to the position information, in the source code file, of each sensitive function in a static analysis sensitive function call set, the static analysis sensitive function call set comprises a source code sensitive function call set and/or a source code reflection sensitive function call set, the source code sensitive function call set is determined by the server according to the source code file and a source code sensitive function library, and the source code reflection sensitive function call set is determined by the server according to the source code file and a source code reflection sensitive function library;
wherein the original code in the original code file of the target application program is different from the source code in the source code file.
17. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the processor implements the application processing method according to any one of claims 1 to 9 when executing the program or the processor implements the application processing method according to any one of claims 10 to 14 when executing the program.
18. An application processing system comprising a terminal, a server for executing the application processing method according to any one of claims 1 to 9, and a test device for executing the application processing method according to any one of claims 10 to 14.
19. A computer-readable storage medium, on which a computer program is stored, characterized in that the program, when being executed by a processor, implements the application processing method according to any one of claims 1 to 9, or the program, when being executed by a processor, implements the application processing method according to any one of claims 10 to 14.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110104147.5A CN112784272B (en) | 2021-01-26 | 2021-01-26 | Application processing method, device, electronic equipment, system and storage medium |
Publications (2)
Publication Number | Publication Date |
---|---|
CN112784272A | 2021-05-11 |
CN112784272B | 2024-09-20 |
Family
ID=75757801
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110104147.5A Active CN112784272B (en) | 2021-01-26 | 2021-01-26 | Application processing method, device, electronic equipment, system and storage medium |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN112784272B (en) |
Families Citing this family (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN114168428A (en) * | 2021-12-09 | 2022-03-11 | 中国工商银行股份有限公司 | A kind of low-efficiency code detection method and device |
CN114398164A (en) * | 2022-01-14 | 2022-04-26 | 北京腾云天下科技有限公司 | Method performed at application detection terminal and application detection terminal |
CN115577359A (en) * | 2022-11-03 | 2023-01-06 | 彩讯科技股份有限公司 | Android application privacy authority security detection method, device, equipment and medium |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN109492398A (en) * | 2018-11-23 | 2019-03-19 | 北京梆梆安全科技有限公司 | A kind of risk detection method and device for Android application sensitive behavior |
CN111353146A (en) * | 2020-05-25 | 2020-06-30 | 腾讯科技(深圳)有限公司 | Method, device, equipment and storage medium for detecting sensitive permission of application program |
Family Cites Families (7)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US8572727B2 (en) * | 2009-11-23 | 2013-10-29 | International Business Machines Corporation | System, method and apparatus for simultaneous definition and enforcement of access-control and integrity policies |
KR20130078278A (en) * | 2011-12-30 | 2013-07-10 | (주)이지서티 | Smartphone malicious application detect system and method |
CN103473509A (en) * | 2013-09-30 | 2013-12-25 | 清华大学 | Android platform malware automatic detecting method |
US9792433B2 (en) * | 2013-12-30 | 2017-10-17 | Beijing Qihoo Technology Company Limited | Method and device for detecting malicious code in an intelligent terminal |
WO2017126786A1 (en) * | 2016-01-19 | 2017-07-27 | 삼성전자 주식회사 | Electronic device for analyzing malicious code and method therefor |
CN108734007A (en) * | 2017-04-13 | 2018-11-02 | 中国移动通信集团上海有限公司 | A kind of processing method and processing device of monitoring application program |
CN111027070B (en) * | 2019-12-02 | 2022-05-03 | 厦门大学 | Malicious application detection method, medium, device and device |
Also Published As
Publication number | Publication date |
---|---|
CN112784272A (en) | 2021-05-11 |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | PB01 | Publication | |
 | SE01 | Entry into force of request for substantive examination | |
 | CB02 | Change of applicant information | Address after: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176. Applicant after: Jingdong Technology Holding Co.,Ltd. Address before: Room 221, 2 / F, block C, 18 Kechuang 11th Street, Daxing District, Beijing, 100176. Applicant before: Jingdong Digital Technology Holding Co.,Ltd. |
 | GR01 | Patent grant | |