
HK1225116A - Method for dynamically controlling application function based on environment detection - Google Patents


Info

Publication number: HK1225116A
Authority: HK (Hong Kong)
Prior art keywords: application, client, threshold, risk score, application program
Application number: HK16113126.2A
Other languages: Chinese (zh)
Other versions: HK1225116A1 (en), HK1225116B (en)

Description

Dynamic application function control method based on environment detection
Technical Field
The present invention relates to a method for dynamically loading application functions, and more particularly, to a method for controlling dynamic application functions based on environmental detection.
Background
On the Android platform, the security of applications, particularly payment applications, is seriously affected by viruses, bugs, trojans and the like. Various Android clients at present have a certain self-protection function, but they are still limited to the idea of enhancing application complexity and increasing cracking difficulty, and do not fundamentally protect against known unsafe environments.
Disclosure of Invention
In order to solve the above problems, the application discloses a method for detecting the environment of a mobile platform and dynamically loading application functions according to the environment detection result. For applications that are sensitive with respect to privacy, transactions and the like, the security of the environment is detected first, the current environment is graded according to the detection result, and the application functions of the corresponding grade are loaded. If the environment is judged to be dangerous, functions involving financial transactions, payment and the like are refused loading and the user is prompted to clean up the environment, so that application security is guaranteed.
According to an aspect of the present application, there is provided a method for dynamically controlling application functions at a client, comprising: starting an application program, wherein the application program contains only the framework function code; after the application program is started, loading a security module, wherein the security module sends a request for a scan configuration file to a server side; scanning the application environment of the client according to the configuration file received from the server, and sending the scanning result to the server to generate a risk score; and receiving from the server side function code that is allowed to be loaded in the current application environment, the function code being produced by the server side based on the generated risk score.
In the above method, the application program has one or more functions, and one or more of those functions are disabled when the application environment of the client is at risk.
In the above method, when the application environment of the client is at risk, the user is guided to repair the system.
In the above method, the scan configuration file is periodically updated or maintained by an operation maintenance manager.
In the above method, when the generated risk score is greater than a first threshold but less than a second threshold, a first function of the application is disabled; and when the generated risk score is greater than the second threshold but less than a third threshold, the first and second functions of the application are disabled.
According to another aspect of the present application, there is provided a method for dynamically controlling application functions on a server side, including: receiving a request from a security module of a client, the request relating to providing a scan profile; returning a configuration file for the client to execute scanning according to the request; receiving a scanning result from a client and evaluating the scanning result to generate a risk score; determining that a part of functions of the application program need to be disabled according to the scanning result and the generated risk score; and generating a function code adaptive to the current application environment of the client based on the determined result, and sending the function code to the client for loading.
In the above method, the application program has one or more functions, and one or more of those functions are disabled when the application environment of the client is at risk.
In the above method, when the application environment of the client is at risk, the client guides the user to repair the system.
In the above method, the scan configuration file is periodically updated or maintained by an operation maintenance manager.
In the above method, when the generated risk score is greater than a first threshold but less than a second threshold, a first function of the application is disabled; and when the generated risk score is greater than the second threshold but less than a third threshold, the first and second functions of the application are disabled.
In the above method, the application environment of the client is Android.
Drawings
The various aspects of the present invention will become more apparent to those of ordinary skill in the art after reading the detailed description of the invention in light of the accompanying drawings. Those skilled in the art will understand that: these drawings are only for the purpose of illustrating the technical solutions of the present invention in connection with the embodiments and are not intended to limit the scope of the present invention.
Fig. 1 is a schematic diagram of a dynamic application function control method based on environment detection according to an embodiment of the present application.
Detailed Description
The following description is of some of the many possible embodiments of the invention and is intended to provide a basic understanding of the invention; it is not intended to identify key or critical elements of the invention or to delineate the scope of the invention. It is easily understood that, according to the technical solution of the present invention, those skilled in the art can suggest other mutually substitutable implementations without changing the spirit of the present invention. Therefore, the following detailed description and the accompanying drawings are merely illustrative of the technical aspects of the present invention, and should not be construed as the whole of the present invention or as limitations or restrictions on its technical aspects.
As described in the background, the current protective measures of various Android clients are limited to the idea of enhancing application complexity and increasing cracking difficulty, and do not fundamentally protect against known unsafe environments.
In order to solve this problem, the basic idea of the application is that, if the current environment is known to be possibly threatened and unsafe, the relevant important functions are disabled, service to the user is refused, and the user is prompted to upgrade or repair the system before using it again. The method gives up some user experience in exchange for increased safety and ensures transaction safety.
In a specific embodiment, as shown with reference to FIG. 1, an application program is first launched by a user, the application containing only framework function code. Next, the application loads the security scanning module, and the security scanning module requests a scan configuration file from the server (the configuration file specifies the configuration information related to the scanning, such as the detection objects and the detection methods). Then, the server receives the application's request, reads a local configuration file (the configuration file can be modified by the operation and maintenance personnel through the background management page), and returns the configuration file to the client application.
The profile content may be exemplified as follows:
1) Is the system rooted? (if the system is rooted, the application's relevant data may be maliciously read);
2) Is there a user-trusted certificate in the system? (HTTPS spoofing may occur when the user connects to external WIFI);
3) Is there a security vulnerability known to affect the current version of the system? (if a known vulnerability exists, prompt the user to upgrade and close the relevant functions affected by the vulnerability);
4) Is a malicious APP present?
5) Is the application the latest version?
6) Is the system connected to WIFI?
7) Is there an unidentified APP in the system? (as a general consideration, unknown APPs in the system may be malicious).
After receiving the scan configuration file from the server, the security module scans the system according to the scan configuration file and generates a scanning result. Then, the client sends the scanning result to the server, and the server evaluates each scanning result and generates a risk score according to the current background rules (the rules can be dynamically adjusted by operation and maintenance personnel through a background management interface). In one specific example, the rules are as follows:
Risk item: Risk value
An unknown certificate is present in the system: +30 points
The system is connected to WIFI and a man-in-the-middle is detected: +50 points
A malicious APP is present in the system: +50 points
Known bugs exist in the current application version: +10 points
The system is rooted but there are no other risk items: +10 points
An unknown APP is present in the system: +20 points
The system is rooted and an unknown APP is present: +50 points
Then, the server disables the related functions according to the scanning result and the risk score. Assume the current application has 5 functions: logging in, querying, purchasing products, intra-bank transfer and cross-bank transfer. Considering the risk value factor: when the risk value is greater than 20, the "cross-bank" transfer function is disabled; when the risk value is greater than 40, the transfer function is disabled; when the risk value is greater than 60, the "buy" function is disabled; when the risk value is greater than 80, the "query" function is disabled. In one embodiment, designated function disable items are additionally considered. For example, it may be known that the "buy" function of a certain version has a vulnerability while the other functions are normal. As another example, when the version reported by a client has a vulnerability, the "purchase" function needs to be disabled even though the risk value is not high at this time; in this case the risk value corresponding to the vulnerable version cannot be adjusted upward, because the other functions can still be used normally. Those skilled in the art will appreciate that which functions are disabled may be dynamically adjusted according to the current security situation.
Then, according to which functions are disabled, the server dynamically generates loadable function code for the client to run. After receiving the function code, the client loads and runs it; for the disabled functions no related code exists on the client, so the corresponding functions cannot be executed. Preferably, the client may direct the user to repair the system based on the risk value.
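The server-side scoring and function gating described above can be sketched as follows; this is an added example, not code from the patent. The rule weights and thresholds are the ones given in the description; the finding names, function identifiers and version strings are hypothetical, and it is assumed that the combined "rooted and unknown APP" rule replaces the separate +20 for an unknown APP and that root alongside any other finding adds nothing, since the rule table does not cover that case.

```python
# Added illustration: weights and thresholds come from the description above;
# key names, function identifiers and version strings are hypothetical.
ADDITIVE_RULES = {
    "unknown_certificate": 30,       # unknown certificate present
    "wifi_mitm_detected": 50,        # on WIFI and a man-in-the-middle detected
    "malicious_app": 50,             # malicious APP present
    "known_bug_in_app_version": 10,  # known bugs in the current app version
}
# A function is disabled once the score is strictly greater than its threshold.
THRESHOLDS = [(20, "cross_bank_transfer"), (40, "intra_bank_transfer"),
              (60, "buy"), (80, "query")]
ALL_FUNCTIONS = ["login", "query", "buy",
                 "intra_bank_transfer", "cross_bank_transfer"]


def risk_score(scan):
    """Apply the rule table to a scan result (dict of finding name -> bool)."""
    score = sum(pts for key, pts in ADDITIVE_RULES.items() if scan.get(key))
    rooted, unknown_app = scan.get("rooted", False), scan.get("unknown_app", False)
    if rooted and unknown_app:
        score += 50   # assumption: replaces the separate +20 for an unknown APP
    elif unknown_app:
        score += 20
    elif rooted and score == 0:
        score += 10   # "rooted but no other risk items"
    return score


def loadable_functions(scan, app_version, designated_by_version=None):
    """Return (score, functions whose code the server would send)."""
    score = risk_score(scan)
    blocked = {fn for limit, fn in THRESHOLDS if score > limit}
    # Designated disable items apply regardless of the score.
    blocked |= set((designated_by_version or {}).get(app_version, ()))
    return score, [fn for fn in ALL_FUNCTIONS if fn not in blocked]


if __name__ == "__main__":
    # Constructed scan results, not real device data.
    samples = {
        "clean": {},
        "rooted only": {"rooted": True},
        "rooted + unknown APP + unknown cert":
            {"rooted": True, "unknown_app": True, "unknown_certificate": True},
    }
    for name, scan in samples.items():
        print(name, loadable_functions(scan, "2.3.0"))
    # Low score, but version 2.1.0 (constructed) has a flawed "buy" function.
    print(loadable_functions({}, "2.1.0", {"2.1.0": ["buy"]}))
```

Because the thresholds use a strict comparison, a score of exactly 80 still leaves "query" loadable, and "login" is never removed by the score alone.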
Compared with the prior art, the application can clearly identify the security threat that the current operating environment poses to payment and transactions. The application can effectively load or disable the related functions, reducing the risk brought by environmental threats. The background server can dynamically adjust the strategy and modify the function items loaded by the application according to recent changes in security trends. For example, Android 4.4.1 is currently a mainstream version that is relatively safe, but by 2017 more security holes in Android 4.4.1 may have been disclosed; a system that has not been upgraded then affects transaction security, and the background can appropriately disable related functions, such as allowing only query and not allowing transfer, so as to reduce transaction risk. The application can guide the user to repair the system in a targeted manner, improving safety. In addition, the technical scheme of the application can also collect the security state of each system in the current area for reference in subsequent product design, product research and development, product popularization, security research and the like.
Hereinbefore, specific embodiments of the present invention are described with reference to the drawings. However, those skilled in the art will appreciate that various modifications and substitutions can be made to the specific embodiments of the present invention without departing from the spirit and scope of the invention. Such modifications and substitutions are intended to be included within the scope of the present invention as defined by the appended claims.

Claims (11)

1. A method of dynamically controlling application functionality at a client, comprising:
starting an application program, wherein the application program contains only the framework function code;
after the application program is started, loading a security module, wherein the security module sends a request for a scan configuration file to a server side;
scanning the application environment of the client according to the configuration file received from the server, and sending the scanning result to the server to generate a risk score; and
receiving, from the server side, function code that is allowed to be loaded in the current application environment, the function code being produced by the server side based on the generated risk score.
2. The method of claim 1, wherein the application program has one or more functions, and wherein one or more of those functions are disabled when the application environment of the client is at risk.
3. The method of claim 1, wherein a user is directed to repair the system when the application environment of the client is at risk.
4. The method of claim 1, wherein the scan profile is periodically updated or maintained by an operations maintenance manager.
5. The method of claim 2, wherein a first function of the application is disabled when the generated risk score is greater than a first threshold but less than a second threshold; and when the generated risk score is greater than the second threshold but less than a third threshold, the first and second functions of the application are disabled.
6. A method for dynamically controlling application functions at a server side, comprising:
receiving a request from a security module of a client, the request relating to providing a scan profile;
returning a configuration file for the client to execute scanning according to the request;
receiving a scanning result from a client and evaluating the scanning result to generate a risk score;
determining that a part of the functions of the application program need to be disabled according to the scanning result and the generated risk score; and
generating function code adapted to the current application environment of the client based on the determined result, and sending the function code to the client for loading.
7. The method of claim 6, wherein the application program has one or more functions, and wherein one or more of those functions are disabled when the application environment of the client is at risk.
8. The method of claim 6, wherein the client directs a user to repair the system when the application environment of the client is at risk.
9. The method of claim 6, wherein the scan profile is periodically updated or maintained by an operations maintenance manager.
10. The method of claim 7, wherein when the generated risk score is greater than a first threshold but less than a second threshold, a first function of the application is disabled; and when the generated risk score is greater than the second threshold but less than a third threshold, the first and second functions of the application are disabled.
11. The method according to any one of claims 1-10, wherein the application environment of the client is Android.
HK16113126.2A 2016-11-16 Method for dynamically controlling application function based on environment detection HK1225116B (en)

Publications (3)

Publication Number: Publication Date
HK1225116A1 (en): 2017-09-01
HK1225116A (en): 2017-09-01
HK1225116B (en): 2020-03-13
