CN110414215A - Application program privacy authority states bearing calibration, device and electronic equipment - Google Patents
Application program privacy authority states bearing calibration, device and electronic equipment Download PDFInfo
- Publication number
- CN110414215A CN110414215A CN201910545213.5A CN201910545213A CN110414215A CN 110414215 A CN110414215 A CN 110414215A CN 201910545213 A CN201910545213 A CN 201910545213A CN 110414215 A CN110414215 A CN 110414215A
- Authority
- CN
- China
- Prior art keywords
- api
- list
- library
- privacy authority
- application
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/629—Protecting access to data via a platform, e.g. using keys or access control rules to features or functions of an application
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Theoretical Computer Science (AREA)
- Software Systems (AREA)
- Computer Hardware Design (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Health & Medical Sciences (AREA)
- Bioethics (AREA)
- General Health & Medical Sciences (AREA)
- Stored Programmes (AREA)
Abstract
The invention discloses a kind of application program privacy authority statement bearing calibration, device and electronic equipments, this method comprises: receiving privacy authority states correction instruction;The first API identification list is obtained, includes: the mark that can trigger the API of application crash in IOS official SDK in the first API identification list;Obtain the 2nd API identification list, include: in the 2nd API identification list destination application actual use to but privacy authority statement in state privacy authority API mark;Intersection is taken to the first API identification list and the 2nd API identification list, obtains the 3rd API identification list;According to the 3rd API identification list, the privacy authority statement of destination application is corrected.As it can be seen that can provide foundation in the embodiment of the present invention to correct the privacy authority statement of destination application, to reduce the collapse rate of destination application, promote application program and audit percent of pass, and then reduce development cost.
Description
Technical field
The present invention relates to applicating developing technology fields, state correction side more particularly to a kind of application program privacy authority
Method, device and electronic equipment.
Background technique
After 10 system of IOS, Apple Inc. strengthens control to privacy of user permission, if application program is not provided with
Privacy authority statement, application program will directly collapse, and Apple Inc. uses stringent application program review mechanism, once hair
Existing application crash will refuse its restocking or force undercarriage from AppStore, cause certain development cost.Therefore,
It needs to propose a kind of application program privacy authority statement bearing calibration, to reduce application crash rate, promotes application program and examine
Core percent of pass, and then reduce development cost.
Summary of the invention
The embodiment of the present invention provides a kind of application program privacy authority statement bearing calibration, device and electronic equipment, with solution
Certainly the technical issues of application development higher cost existing in the prior art.
According to the first aspect of the invention, a kind of application program privacy authority statement bearing calibration, the method are disclosed
Include:
The privacy authority received for destination application triggering states correction instruction;
Obtain the first API identification list, wherein include: that can trigger in the first API identification list in IOS official SDK
The mark of the API of application crash;
Obtain the 2nd API identification list, wherein include: that the destination application is real in the 2nd API identification list
Border uses but does not state in privacy authority statement the mark of the API of privacy authority;
Intersection is taken to the first API identification list and the 2nd API identification list, obtains the 3rd API identification list;
According to the 3rd API identification list, the privacy authority statement of the destination application is corrected.
Optionally, as one embodiment, the first API identification list of the acquisition, comprising:
IOS official SDK is obtained, and extracts the library comprising open API in the IOS official SDK;
IOS official Info.plist file is obtained, and extracts privacy authority key in the IOS official Info.plist file
Value key;
The corresponding API of the key is extracted from the library comprising open API, obtains privacy authority API list;
According to the privacy authority API list, the first API identification list is generated.
Optionally, described according to the privacy authority API list as one embodiment, generate the first API identity column
Table, comprising:
By presetting application crash test case, the API in the privacy authority API list is surveyed one by one
Examination obtains the API list that can trigger application crash;
The mark of each API in the API list of the triggerable application crash is extracted, the first API identification list is generated.
Optionally, as one embodiment, the 2nd API identification list of the acquisition, comprising:
According to the API list of the triggerable application crash, extracted from the library comprising open API comprising can
Trigger the library of the API of application crash;
The Info.plist file of the destination application is obtained, and extracts the destination application
Privacy authority key in Info.plist file;
According to the privacy authority key in the Info.plist file of the destination application, from described comprising can trigger
The library of without proper notice privacy authority is extracted in the library of the API of application crash, wherein the library of the without proper notice privacy authority is institute
State the library where destination application does not state the API of privacy authority in privacy authority statement;
The dependence library for obtaining the destination application takes friendship to the library in the dependence library and the without proper notice privacy authority
Collection, obtains the list of intersection library;
According to intersection library list, the 2nd API identification list is generated.
Optionally, described according to intersection library list as one embodiment, generate the 2nd API identification list, packet
It includes:
From the official document of the destination application, the corresponding API of intersection library list is extracted, generates first
API list;
From the library comprising can trigger the API of application crash, the corresponding API of intersection library list is extracted,
Generate the second API list;
Intersection is taken to first API list and second API list, obtains third API list;
The mark of each API in the third API list is extracted, the 2nd API identification list is generated.
According to the second aspect of the invention, a kind of application program privacy authority statement means for correcting, described device are disclosed
Include:
Receiving module, for receiving the privacy authority statement correction instruction for being directed to destination application triggering;
First obtains module, for obtaining the first API identification list, wherein include: in the first API identification list
It can trigger the mark of the API of application crash in IOS official SDK;
Second obtains module, for obtaining the 2nd API identification list, wherein include: in the 2nd API identification list
Destination application actual use to but do not stated in privacy authority statement privacy authority API mark;
Processing module obtains for taking intersection to the first API identification list and the 2nd API identification list
Three API identification lists;
Correction module, for stating the privacy authority of the destination application according to the 3rd API identification list
It is corrected.
Optionally, as one embodiment, the first acquisition module includes:
First extracting sub-module for obtaining IOS official SDK, and is extracted in the IOS official SDK comprising open API's
Library;
Second extracting sub-module for obtaining IOS official Info.plist file, and extracts the IOS official
Privacy authority key assignments key in Info.plist file;
Third extracting sub-module obtains hidden for extracting the corresponding API of the key from the library comprising open API
Private rights limit API list;
First generates submodule, for generating the first API identification list according to the privacy authority API list.
Optionally, as one embodiment, the first generation submodule includes:
Test cell is used for by presetting application crash test case, in the privacy authority API list
API is tested one by one, obtains the API list that can trigger application crash;
First generation unit, the mark of each API in the API list for extracting the triggerable application crash are raw
At the first API identification list.
Optionally, as one embodiment, the second acquisition module includes:
4th extracting sub-module, for the API list according to the triggerable application crash, from described comprising open
The library of the API comprising can trigger application crash is extracted in the library of API;
5th extracting sub-module for obtaining the Info.plist file of the destination application, and extracts the mesh
Mark the privacy authority key in the Info.plist file of application program;
6th extracting sub-module, for the privacy authority in the Info.plist file according to the destination application
Key, from it is described comprising can trigger application crash API library in extract without proper notice privacy authority library, wherein it is described not
Where stating that the API of privacy authority is not stated in the library of privacy authority for the destination application in privacy authority statement
Library;
Submodule is handled, for obtaining the dependence library of the destination application, to the dependence library and the without proper notice
The library of privacy authority takes intersection, obtains the list of intersection library;
Second generates submodule, for generating the 2nd API identification list according to intersection library list.
Optionally, as one embodiment, the second generation submodule includes:
First extraction unit, for extracting intersection library list pair from the official document of the destination application
The API answered generates the first API list;
Second extraction unit, for extracting the intersection from the library comprising can trigger the API of application crash
List corresponding API in library generates the second API list;
Processing unit obtains the 3rd API column for taking intersection to first API list and second API list
Table;
Second generation unit generates the 2nd API identity column for extracting the mark of each API in the third API list
Table.
According to the third aspect of the invention we, a kind of electronic equipment is disclosed, the electronic equipment includes: memory, processing
Device and it is stored in the computer program that can be run on the memory and on the processor, the computer program is described
Processor realizes the step in application program privacy authority statement bearing calibration as described above when executing.
According to the fourth aspect of the invention, a kind of computer readable storage medium, the computer-readable storage are disclosed
Computer program is stored on medium, the computer program realizes application program privacy as described above when being executed by processor
Step in rights statements bearing calibration.
In the embodiment of the present invention, the correlation of the API of application crash can be can trigger in IOS official SDK by obtaining
Information and destination application actual use are arrived but the relevant information of unstated API, the two take intersection, determine that target is answered
With program actual use arrive but without proper notice and can trigger collapse API, for correct destination application privacy authority
Statement provides foundation, to reduce the collapse rate of destination application, promotes application program and audits percent of pass, so reduce exploitation at
The restocking period of this and guarantee application program.
Detailed description of the invention
Fig. 1 is the flow chart of the application program privacy authority statement bearing calibration of one embodiment of the present of invention;
Fig. 2 is a kind of flow chart of embodiment of the step 102 of one embodiment of the present of invention;
Fig. 3 is a kind of flow chart of embodiment of the step 103 of one embodiment of the present of invention;
Fig. 4 is the structural block diagram of the application program privacy authority statement means for correcting of one embodiment of the present of invention.
Specific embodiment
In order to make the foregoing objectives, features and advantages of the present invention clearer and more comprehensible, with reference to the accompanying drawing and specific real
Applying mode, the present invention is described in further detail.
It should be noted that for simple description, therefore, it is stated as a series of action groups for embodiment of the method
It closes, but those skilled in the art should understand that, embodiment of that present invention are not limited by the describe sequence of actions, because according to
According to the embodiment of the present invention, some steps may be performed in other sequences or simultaneously.Secondly, those skilled in the art also should
Know, the embodiments described in the specification are all preferred embodiments, and the related movement not necessarily present invention is implemented
Necessary to example.
After 10 system of IOS, Apple Inc. strengthens control to privacy of user permission, specifically, applying for one
For program, the privacy authority API needs which uses are stated in the Info.plist file of the application program,
If do not stated, application program application program at invoking privacy permission API (for example, camera permission) can collapse, and apple
Fruit company uses stringent application program review mechanism, once discovery application crash, will refuse its restocking or from App
Store forces undercarriage, causes certain development cost.
In order to solve the above-mentioned technical problem, the embodiment of the invention provides a kind of application program privacy authorities to state correction side
Method, device and electronic equipment.
In order to make it easy to understand, some concepts being related in the embodiment of the present invention are introduced first below.
SDK (Software Development Kit, Software Development Kit) is typically all that some software engineers are
The set of developing instrument when specific software package, software frame, hardware platform, operating system etc. establish application software.
API (Application Programming Interface, application programming interface) is some pre-defined
Function, it is therefore an objective to provide application program and developer based on certain software or hardware be able to access one group of routine ability, and
It is not necessarily to access source code again, or understands the details of internal work mechanism.
Info.plist file is used to provide to IOS about application program, and bundle or framework's is some important
Information, Info.plist file specify an application program how should start, privacy authority etc., Info.plist file is real
It is the XML file of the predefined schema of Apple Inc. on border.
Next a kind of application program privacy authority statement bearing calibration provided in an embodiment of the present invention is introduced.
Fig. 1 is the flow chart of the application program privacy authority statement bearing calibration of one embodiment of the present of invention, this method
Executed by electronic equipment, in practical applications, the electronic equipment can be server, as shown in Figure 1, this method may include with
Lower step: step 101, step 102, step 103, step 104 and step 105, wherein
In a step 101, the privacy authority received for destination application triggering states correction instruction.
After 10 system of IOS, Apple Inc. is provided: the privacy authority API that application program uses needs to answer at this
It is stated in the Info.plist file of program, if do not stated, will lead to application crash.Although Apple Inc. advises
Calmly: the privacy authority API that application program uses needs to state in the Info.plist file of the application program, but reality
In the application of border for some reason, there may be following situations: the privacy authority API that application program uses, and not at this
It is stated in the Info.plist file of application program, in order to avoid application crash, needs the privacy authority to application program
Statement is corrected.
In the embodiment of the present invention, the privacy authority statement configuration of destination application is in destination application
In Info.plist file, privacy authority statement correction instruction executes subsequent step 102 to the behaviour in step 105 for triggering
Make, to complete the correction of the privacy authority statement to destination application.
In a step 102, the first API identification list is obtained, wherein include: IOS official SDK in the first API identification list
In can trigger application crash API mark.
In the embodiment of the present invention, for can trigger the API of application crash in IOS official SDK, if application program is not
The API is stated in Info.plist file, then application program application program when calling the API can collapse.
In the embodiment of the present invention, the mark of API can be the key for stating the API privacy authority.
In step 103, the 2nd API identification list is obtained, wherein include: target application journey in the 2nd API identification list
Sequence actual use to but privacy authority statement in state privacy authority API mark.
At step 104, intersection is taken to the first API identification list and the 2nd API identification list, obtains the 3rd API mark
List.
It include: that destination application actual use is arrived but not hidden in the embodiment of the present invention, in the 3rd API identification list
The mark of the API of destination application collapse is stated and can triggered in private rights statements.
In the embodiment of the present invention, destination application is actually used to but is not stated simultaneously in privacy authority statement
And the API of destination application collapse can be triggered, since destination application does not state the API in privacy authority statement, because
, when destination application is when dispatching the API, which collapses for this.
In step 105, according to the 3rd API identification list, the privacy authority statement of destination application is corrected.
In the embodiment of the present invention, after obtaining the 3rd API identification list, the API in the 3rd API identification list can be marked
Corresponding privacy authority API configuration is known in the Info.plist file of destination application, to realize to destination application
Privacy authority statement correction.
As seen from the above-described embodiment, it in the embodiment, can be collapsed by obtaining triggerable application program in IOS official SDK
Relevant information and the destination application actual use of routed API is arrived but the relevant information of unstated API, the two take intersection,
Determine destination application actual use arrive but without proper notice and can trigger collapse API, for correct target application journey
The privacy authority statement of sequence provides foundation, to reduce the collapse rate of destination application, promotes application program and audits percent of pass, into
And it reduces development cost and ensures the restocking period of application program.
In one embodiment provided by the invention, it can be parsed by the official document to IOS, obtain first
API identification list, at this point, as shown in Fig. 2, Fig. 2 is a kind of stream of embodiment of the step 102 of one embodiment of the present of invention
Cheng Tu, above-mentioned steps 102 can specifically include following steps: step 201, step 202, step 203 and step 204, wherein
In step 201, IOS official SDK is obtained, and extracts the library comprising open API in IOS official SDK.
In order to make it easy to understand, the relationship of key in API, library and Info.plist file is described first, API storage
It may include one or more API in a library, key from library for searching corresponding API, wherein Apple Inc. in library
Included library is usually the library of the entitled .framework of suffix.
It in the embodiment of the present invention, can use program analysis tool " nm tool ", extract disclosed in IOS official SDK
API obtains open API list;Later according to open API list, the library comprising open API is obtained.
In step 202, IOS official Info.plist file is obtained, and is extracted hidden in IOS official Info.plist file
Private rights limit key.
In the embodiment of the present invention, by extracting privacy authority key in IOS official Info.plist file, opened to obtain IOS
Commonly used privacy of user permission in hair, wherein commonly used privacy of user permission is as follows in IOS exploitation:
<key>NSBluetoothPeripheralUsageDescription</key>
<string>app needs your agreement, could access bluetooth</string>
<key>NSCalendarsUsageDescription</key>
<string>app needs your agreement, could access calendar</string>
<key>NSCameraUsageDescription</key>
<string>app needs your agreement, could access camera</string>
<key>NSHealthShareUsageDescription</key>
<string>app needs your agreement, could access health sharing</string>
<key>NSHealthUpdateUsageDescription</key>
<string>app needs your agreement, could access health update</string>
<key>NSLocationAlwaysUsageDescription</key>
<string>app needs your agreement, could access position always</string>
<key>NSLocationUsageDescription</key>
<string>app needs your agreement, could access position</string>
<key>NSLocationWhenInUseUsageDescription</key>
<string>app needs your agreement, could access position during use</string>
<key>NSMicrophoneUsageDescription</key>
<string>app needs your agreement, could access microphone</string>
<key>NSMotionUsageDescription</key>
<string>app needs your agreement, could access sport and fitness</string>
<key>NSPhotoLibraryUsageDescription</key>
<string>app needs your agreement, could access photograph album</string>
<key>NSRemindersUsageDescription</key>
<string>app needs your agreement, could access and remind item</string>
In step 203, the corresponding API of key is extracted from the library comprising open API, obtains privacy authority API list.
In the embodiment of the present invention, the API in privacy authority API list is to need in the privacy authority statement of application program
The API of statement.
In step 204, according to privacy authority API list, the first API identification list is generated.
In the embodiment of the present invention, the survey of privacy authority API triggering application crashes can be write by automatic test software
Example on probation, at this point, above-mentioned steps 204 can specifically include following steps (not shown): step 2041 and step 2042,
In,
In step 2041, by preset application crash test case, to the API in privacy authority API list into
Row is tested one by one, obtains the API list that can trigger application crash;
In the embodiment of the present invention, the API in the API list of application crash can trigger are as follows: if not in application program
Privacy authority statement in state, then will lead to the API of application crash.
In step 2042, the mark of each API in the API list that can trigger application crash is extracted, the first API is generated
Identification list.
As it can be seen that can be parsed by the official document to IOS in the embodiment of the present invention, obtain the first API identity column
Table enriches the acquisition modes of the first API identification list.
In one embodiment provided by the invention, it can be carried out by the Info.plist file to destination application
Parsing, obtains the 2nd API identification list, at this point, as shown in figure 3, Fig. 3 is the one of the step 103 of one embodiment of the present of invention
The flow chart of kind embodiment, above-mentioned steps 103 can specifically include following steps: step 301, step 302, step 303, step
Rapid 304 and step 305, wherein
In step 301, according to the API list of triggerable application crash, packet is extracted from the library comprising open API
The library of API containing triggerable application crash.
In the embodiment of the present invention, it can be obtained according to the corresponding relationship of API and library comprising can trigger application crash
The library of API.It include that can trigger application crash in the library for the library of the API comprising can trigger application crash
API。
In step 302, the Info.plist file of destination application is obtained, and extracts destination application
Privacy authority key in Info.plist file.
It, can by the privacy authority key in the Info.plist file of extraction destination application in the embodiment of the present invention
To know which API destination application states in privacy authority statement, destination application can also be known in privacy
Which API of without proper notice in rights statements.
In step 303, according to the privacy authority key in the Info.plist file of destination application, from comprising can
Trigger the library that without proper notice privacy authority is extracted in the library of the API of application crash, wherein the library of without proper notice privacy authority is mesh
Mark the library where application program does not state the API of privacy authority in privacy authority statement.
In the embodiment of the present invention, the library of without proper notice privacy authority is that destination application is not stated in privacy authority statement
And it will lead to the library where the API of application crash.
In step 304, the dependence library for obtaining destination application takes friendship to the library for relying on library and without proper notice privacy authority
Collection, obtains the list of intersection library.
In the embodiment of the present invention, otool tool can use, obtain the dependence library of destination application.
In the embodiment of the present invention, intersection library be destination application actually use to but not privacy authority statement in sound
It is bright and will lead to the library where the API of application crash.
In step 305, according to the list of intersection library, the 2nd API identification list is generated.
In the embodiment of the present invention, it is corresponding can to extract the list of intersection library from the official document of destination application
API generates the first API list;From the library of the API comprising can trigger application crash, it is corresponding to extract the list of intersection library
API generates the second API list;Intersection is taken to the first API list and the second API list, obtains third API list;Extract third
The mark of each API in API list generates the 2nd API identification list.
As it can be seen that in the embodiment of the present invention, can by Info.plist file to destination application, official document and
It relies on library to be parsed, obtains the 2nd API identification list, enrich the acquisition modes of the 2nd API identification list.
Fig. 4 is the structural block diagram of the application program privacy authority statement means for correcting of one embodiment of the present of invention, such as Fig. 4
Shown, application program privacy authority states means for correcting 400, may include: that receiving module 401, first obtains module 402, the
Two obtain module 403, processing module 404 and correction module 405, wherein
Receiving module 401, for receiving the privacy authority statement correction instruction for being directed to destination application triggering;
First obtains module 402, for obtaining the first API identification list, wherein wrap in the first API identification list
It includes: can trigger the mark of the API of application crash in IOS official SDK;
Second obtains module 403, for obtaining the 2nd API identification list, wherein wrap in the 2nd API identification list
Include: destination application actual use to but do not stated in privacy authority statement privacy authority API mark;
Processing module 404 is obtained for taking intersection to the first API identification list and the 2nd API identification list
3rd API identification list;
Correction module 405 is used for according to the 3rd API identification list, to the privacy authority of the destination application
Statement is corrected.
As seen from the above-described embodiment, it in the embodiment, can be collapsed by obtaining triggerable application program in IOS official SDK
Relevant information and the destination application actual use of routed API is arrived but the relevant information of unstated API, the two take intersection,
Determine destination application actual use arrive but without proper notice and can trigger collapse API, for correct target application journey
The privacy authority statement of sequence provides foundation, to reduce the collapse rate of destination application, promotes application program and audits percent of pass, into
And it reduces development cost and ensures the restocking period of application program.
Optionally, module 402 is obtained as one embodiment, described first, may include:
First extracting sub-module for obtaining IOS official SDK, and is extracted in the IOS official SDK comprising open API's
Library;
Second extracting sub-module for obtaining IOS official Info.plist file, and extracts the IOS official
Privacy authority key assignments key in Info.plist file;
Third extracting sub-module obtains hidden for extracting the corresponding API of the key from the library comprising open API
Private rights limit API list;
First generates submodule, for generating the first API identification list according to the privacy authority API list.
Optionally, submodule is generated as one embodiment, described first, may include:
Test cell is used for by presetting application crash test case, in the privacy authority API list
API is tested one by one, obtains the API list that can trigger application crash;
First generation unit, the mark of each API in the API list for extracting the triggerable application crash are raw
At the first API identification list.
Optionally, module 403 is obtained as one embodiment, described second, may include:
4th extracting sub-module, for the API list according to the triggerable application crash, from described comprising open
The library of the API comprising can trigger application crash is extracted in the library of API;
5th extracting sub-module for obtaining the Info.plist file of the destination application, and extracts the mesh
Mark the privacy authority key in the Info.plist file of application program;
6th extracting sub-module, for the privacy authority in the Info.plist file according to the destination application
Key, from it is described comprising can trigger application crash API library in extract without proper notice privacy authority library, wherein it is described not
Where stating that the API of privacy authority is not stated in the library of privacy authority for the destination application in privacy authority statement
Library;
Submodule is handled, for obtaining the dependence library of the destination application, to the dependence library and the without proper notice
The library of privacy authority takes intersection, obtains the list of intersection library;
Second generates submodule, for generating the 2nd API identification list according to intersection library list.
Optionally, submodule is generated as one embodiment, described second, may include:
First extraction unit, for extracting intersection library list pair from the official document of the destination application
The API answered generates the first API list;
Second extraction unit, for extracting the intersection from the library comprising can trigger the API of application crash
List corresponding API in library generates the second API list;
Processing unit obtains the 3rd API column for taking intersection to first API list and second API list
Table;
Second generation unit generates the 2nd API identity column for extracting the mark of each API in the third API list
Table.
According to still another embodiment of the invention, the present invention also provides a kind of electronic equipment, the electronic equipment includes:
Memory, processor and it is stored in the computer program that can be run on the memory and on the processor, the calculating
Realize that the application program privacy authority as described in any one above-mentioned embodiment states school when machine program is executed by the processor
Step in correction method.
Still another embodiment in accordance with the present invention, the present invention also provides a kind of computer readable storage medium, the meter
It is stored with computer program on calculation machine readable storage medium storing program for executing, is realized when the computer program is executed by processor as above-mentioned any
Application program privacy authority described in one embodiment states the step in bearing calibration.
All the embodiments in this specification are described in a progressive manner, the highlights of each of the examples are with
The difference of other embodiments, the same or similar parts between the embodiments can be referred to each other.
It should be understood by those skilled in the art that, the embodiment of the embodiment of the present invention can provide as method, apparatus or calculate
Machine program product.Therefore, the embodiment of the present invention can be used complete hardware embodiment, complete software embodiment or combine software and
The form of the embodiment of hardware aspect.Moreover, the embodiment of the present invention can be used one or more wherein include computer can
With in the computer-usable storage medium (including but not limited to magnetic disk storage, CD-ROM, optical memory etc.) of program code
The form of the computer program product of implementation.
The embodiment of the present invention be referring to according to the method for the embodiment of the present invention, terminal device (system) and computer program
The flowchart and/or the block diagram of product describes.It should be understood that flowchart and/or the block diagram can be realized by computer program instructions
In each flow and/or block and flowchart and/or the block diagram in process and/or box combination.It can provide these
Computer program instructions are set to general purpose computer, special purpose computer, Embedded Processor or other programmable data processing terminals
Standby processor is to generate a machine, so that being held by the processor of computer or other programmable data processing terminal devices
Capable instruction generates for realizing in one or more flows of the flowchart and/or one or more blocks of the block diagram
The device of specified function.
These computer program instructions, which may also be stored in, is able to guide computer or other programmable data processing terminal devices
In computer-readable memory operate in a specific manner, so that instruction stored in the computer readable memory generates packet
The manufacture of command device is included, which realizes in one side of one or more flows of the flowchart and/or block diagram
The function of being specified in frame or multiple boxes.
These computer program instructions can also be loaded into computer or other programmable data processing terminal devices, so that
Series of operation steps are executed on computer or other programmable terminal equipments to generate computer implemented processing, thus
The instruction executed on computer or other programmable terminal equipments is provided for realizing in one or more flows of the flowchart
And/or in one or more blocks of the block diagram specify function the step of.
Although the preferred embodiment of the embodiment of the present invention has been described, once a person skilled in the art knows bases
This creative concept, then additional changes and modifications can be made to these embodiments.So the following claims are intended to be interpreted as
Including preferred embodiment and fall into all change and modification of range of embodiment of the invention.
Finally, it is to be noted that, herein, relational terms such as first and second and the like be used merely to by
One entity or operation are distinguished with another entity or operation, without necessarily requiring or implying these entities or operation
Between there are any actual relationship or orders.Moreover, the terms "include", "comprise" or its any other variant meaning
Covering non-exclusive inclusion, so that process, method, article or terminal device including a series of elements not only wrap
Those elements are included, but also including other elements that are not explicitly listed, or further includes for this process, method, article
Or the element that terminal device is intrinsic.In the absence of more restrictions, being wanted by what sentence "including a ..." limited
Element, it is not excluded that there is also other identical elements in process, method, article or the terminal device for including the element.
Above to a kind of application program privacy authority statement bearing calibration, device and electronic equipment provided by the present invention,
It is described in detail, used herein a specific example illustrates the principle and implementation of the invention, the above reality
The explanation for applying example is merely used to help understand method and its core concept of the invention;Meanwhile for the general technology of this field
Personnel, according to the thought of the present invention, there will be changes in the specific implementation manner and application range, in conclusion this theory
Bright book content should not be construed as limiting the invention.
Claims (12)
1. a kind of application program privacy authority states bearing calibration, which is characterized in that the described method includes:
The privacy authority received for destination application triggering states correction instruction;
Obtain the first API identification list, wherein include: that can trigger application in IOS official SDK in the first API identification list
The mark of the API of program crashing;
Obtain the 2nd API identification list, wherein including: that the destination application is practical in the 2nd API identification list makes
Use but do not state in privacy authority statement the mark of the API of privacy authority;
Intersection is taken to the first API identification list and the 2nd API identification list, obtains the 3rd API identification list;
According to the 3rd API identification list, the privacy authority statement of the destination application is corrected.
2. the method according to claim 1, wherein the first API identification list of the acquisition, comprising:
IOS official SDK is obtained, and extracts the library comprising open API in the IOS official SDK;
IOS official Info.plist file is obtained, and extracts privacy authority key assignments in the IOS official Info.plist file
key;
The corresponding API of the key is extracted from the library comprising open API, obtains privacy authority API list;
According to the privacy authority API list, the first API identification list is generated.
3. according to the method described in claim 2, it is characterized in that, described according to the privacy authority API list, generation first
API identification list, comprising:
By presetting application crash test case, the API in the privacy authority API list is tested one by one, is obtained
To the API list of triggerable application crash;
The mark of each API in the API list of the triggerable application crash is extracted, the first API identification list is generated.
4. according to the method described in claim 3, it is characterized in that, the 2nd API identification list of the acquisition, comprising:
According to the API list of the triggerable application crash, extract from the library comprising open API comprising can trigger
The library of the API of application crash;
The Info.plist file of the destination application is obtained, and extracts the Info.plist text of the destination application
Privacy authority key in part;
According to the privacy authority key in the Info.plist file of the destination application, from described comprising can trigger application
The library of without proper notice privacy authority is extracted in the library of the API of program crashing, wherein the library of the without proper notice privacy authority is the mesh
Mark the library where application program does not state the API of privacy authority in privacy authority statement;
The dependence library for obtaining the destination application takes intersection to the library in the dependence library and the without proper notice privacy authority,
Obtain the list of intersection library;
According to intersection library list, the 2nd API identification list is generated.
5. according to the method described in claim 4, it is characterized in that, described according to intersection library list, generation the 2nd API mark
Know list, comprising:
From the official document of the destination application, the corresponding API of intersection library list is extracted, generates the first API column
Table;
From the library comprising can trigger the API of application crash, the corresponding API of intersection library list is extracted, is generated
Second API list;
Intersection is taken to first API list and second API list, obtains third API list;
The mark of each API in the third API list is extracted, the 2nd API identification list is generated.
6. a kind of application program privacy authority states means for correcting, which is characterized in that described device includes:
Receiving module, for receiving the privacy authority statement correction instruction for being directed to destination application triggering;
First obtains module, for obtaining the first API identification list, wherein include: IOS official in the first API identification list
It can trigger the mark of the API of application crash in square SDK;
Second obtains module, for obtaining the 2nd API identification list, wherein includes: described in the 2nd API identification list
Destination application actual use to but privacy authority statement in state privacy authority API mark;
Processing module obtains the 3rd API for taking intersection to the first API identification list and the 2nd API identification list
Identification list;
Correction module, for stating to carry out to the privacy authority of the destination application according to the 3rd API identification list
Correction.
7. device according to claim 6, which is characterized in that described first, which obtains module, includes:
First extracting sub-module for obtaining IOS official SDK, and extracts the library comprising open API in the IOS official SDK;
Second extracting sub-module for obtaining IOS official Info.plist file, and extracts the IOS official Info.plist
Privacy authority key assignments key in file;
Third extracting sub-module obtains the right of privacy for extracting the corresponding API of the key from the library comprising open API
Limit API list;
First generates submodule, for generating the first API identification list according to the privacy authority API list.
8. device according to claim 7, which is characterized in that described first, which generates submodule, includes:
Test cell, for by preset application crash test case, to the API in the privacy authority API list into
Row is tested one by one, obtains the API list that can trigger application crash;
First generation unit, the mark of each API in the API list for extracting the triggerable application crash generate the
One API identification list.
9. device according to claim 8, which is characterized in that described second, which obtains module, includes:
4th extracting sub-module includes open API from described for the API list according to the triggerable application crash
Library in extract comprising can trigger application crash API library;
5th extracting sub-module for obtaining the Info.plist file of the destination application, and is extracted the target and is answered
With the privacy authority key in the Info.plist file of program;
6th extracting sub-module, for the privacy authority key in the Info.plist file according to the destination application, from
The library of without proper notice privacy authority is extracted in the library comprising can trigger the API of application crash, wherein the without proper notice is hidden
The library of private rights limit is the library where the destination application does not state the API of privacy authority in privacy authority statement;
Submodule is handled, for obtaining the dependence library of the destination application, to the dependence library and the without proper notice privacy
The library of permission takes intersection, obtains the list of intersection library;
Second generates submodule, for generating the 2nd API identification list according to intersection library list.
10. device according to claim 9, which is characterized in that described second, which generates submodule, includes:
First extraction unit, for it is corresponding to extract intersection library list from the official document of the destination application
API generates the first API list;
Second extraction unit, for extracting the intersection library column from the library comprising can trigger the API of application crash
The corresponding API of table generates the second API list;
Processing unit obtains third API list for taking intersection to first API list and second API list;
Second generation unit generates the 2nd API identification list for extracting the mark of each API in the third API list.
11. a kind of electronic equipment, which is characterized in that the electronic equipment includes: memory, processor and is stored in the storage
On device and the computer program that can run on the processor, realized such as when the computer program is executed by the processor
Application program privacy authority described in any one of claims 1 to 5 states the step in bearing calibration.
12. a kind of computer readable storage medium, which is characterized in that be stored with computer on the computer readable storage medium
Program realizes the application program privacy as described in any one of claims 1 to 5 when the computer program is executed by processor
Step in rights statements bearing calibration.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910545213.5A CN110414215B (en) | 2019-06-21 | 2019-06-21 | Application privacy permission statement correction method and device and electronic equipment |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201910545213.5A CN110414215B (en) | 2019-06-21 | 2019-06-21 | Application privacy permission statement correction method and device and electronic equipment |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN110414215A true CN110414215A (en) | 2019-11-05 |
| CN110414215B CN110414215B (en) | 2021-12-10 |
Family
ID=68359681
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201910545213.5A Active CN110414215B (en) | 2019-06-21 | 2019-06-21 | Application privacy permission statement correction method and device and electronic equipment |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN110414215B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111766993A (en) * | 2020-05-29 | 2020-10-13 | 维沃移动通信有限公司 | Information display method and device, electronic equipment and readable storage medium |
| CN112199713A (en) * | 2020-12-03 | 2021-01-08 | 成都中科大旗软件股份有限公司 | Confusion encryption method for IOS system software operation algorithm |
| CN113886253A (en) * | 2021-09-30 | 2022-01-04 | 五八同城信息技术有限公司 | API detection method and device, electronic equipment and readable medium |
| CN118632054A (en) * | 2024-08-09 | 2024-09-10 | 一网互通(北京)科技有限公司 | Method and device for improving application permission application passing rate and electronic equipment |
Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130145456A1 (en) * | 2007-01-05 | 2013-06-06 | Apple Inc. | System and method for authenticating code executing on computer system |
| US20140189783A1 (en) * | 2013-01-02 | 2014-07-03 | International Business Machines Corporation | Policy-based development and runtime control of mobile applications |
| CN104156215A (en) * | 2014-08-14 | 2014-11-19 | 北京奇虎科技有限公司 | Method and device for obtaining application program information on basis of mobile operating system |
| CN104346566A (en) * | 2013-07-31 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Method, device, terminal, server and system for detecting privacy authority risks |
| CN104408366A (en) * | 2014-11-26 | 2015-03-11 | 清华大学 | Android application permission usage behavior tracking method based on plug-in technology |
| CN105335649A (en) * | 2015-10-14 | 2016-02-17 | 上海斐讯数据通信技术有限公司 | Intelligent terminal application program authority management method and system |
| CN106156605A (en) * | 2016-06-14 | 2016-11-23 | 百度在线网络技术(北京)有限公司 | The processing method and processing device of application permission |
| CN106529270A (en) * | 2016-09-22 | 2017-03-22 | 南京酷派软件技术有限公司 | Application program authorization method and device |
| CN106681853A (en) * | 2016-12-30 | 2017-05-17 | 深圳天珑无线科技有限公司 | Application crashing processing method and mobile terminal |
| CN106716371A (en) * | 2016-11-09 | 2017-05-24 | 达闼科技(北京)有限公司 | Method of opening APPs, electronic devices, and management server |
| CN107357732A (en) * | 2017-07-17 | 2017-11-17 | 广州爱九游信息技术有限公司 | User terminal and SDK access state detection means and method |
| CN108280352A (en) * | 2018-01-17 | 2018-07-13 | 西安邮电大学 | A kind of privacy assessment and right management method based on 8.0 authority mechanisms of Android |
| CN108595989A (en) * | 2018-03-15 | 2018-09-28 | 杭州电子科技大学 | Mobile APP security protection systems and method under a kind of iOS |
| CN108830099A (en) * | 2018-05-04 | 2018-11-16 | 平安科技(深圳)有限公司 | Call verification method, device, computer equipment and the storage medium of api interface |
| CN109032687A (en) * | 2018-06-11 | 2018-12-18 | 北京奇艺世纪科技有限公司 | Shield the method and device that SDK danger is called |
| CN109214165A (en) * | 2017-07-04 | 2019-01-15 | 武汉安天信息技术有限责任公司 | A kind of judgment method of the rights statements legitimacy of pre-installed applications program and judge system |
| CN109815682A (en) * | 2018-12-27 | 2019-05-28 | 北京字节跳动网络技术有限公司 | A kind of pair of permission is tracked the method, apparatus and computer readable medium of management |
| CN109815678A (en) * | 2018-12-17 | 2019-05-28 | 维沃移动通信有限公司 | A kind of authority configuring method and mobile terminal |
-
2019
- 2019-06-21 CN CN201910545213.5A patent/CN110414215B/en active Active
Patent Citations (18)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| US20130145456A1 (en) * | 2007-01-05 | 2013-06-06 | Apple Inc. | System and method for authenticating code executing on computer system |
| US20140189783A1 (en) * | 2013-01-02 | 2014-07-03 | International Business Machines Corporation | Policy-based development and runtime control of mobile applications |
| CN104346566A (en) * | 2013-07-31 | 2015-02-11 | 腾讯科技(深圳)有限公司 | Method, device, terminal, server and system for detecting privacy authority risks |
| CN104156215A (en) * | 2014-08-14 | 2014-11-19 | 北京奇虎科技有限公司 | Method and device for obtaining application program information on basis of mobile operating system |
| CN104408366A (en) * | 2014-11-26 | 2015-03-11 | 清华大学 | Android application permission usage behavior tracking method based on plug-in technology |
| CN105335649A (en) * | 2015-10-14 | 2016-02-17 | 上海斐讯数据通信技术有限公司 | Intelligent terminal application program authority management method and system |
| CN106156605A (en) * | 2016-06-14 | 2016-11-23 | 百度在线网络技术(北京)有限公司 | The processing method and processing device of application permission |
| CN106529270A (en) * | 2016-09-22 | 2017-03-22 | 南京酷派软件技术有限公司 | Application program authorization method and device |
| CN106716371A (en) * | 2016-11-09 | 2017-05-24 | 达闼科技(北京)有限公司 | Method of opening APPs, electronic devices, and management server |
| CN106681853A (en) * | 2016-12-30 | 2017-05-17 | 深圳天珑无线科技有限公司 | Application crashing processing method and mobile terminal |
| CN109214165A (en) * | 2017-07-04 | 2019-01-15 | 武汉安天信息技术有限责任公司 | A kind of judgment method of the rights statements legitimacy of pre-installed applications program and judge system |
| CN107357732A (en) * | 2017-07-17 | 2017-11-17 | 广州爱九游信息技术有限公司 | User terminal and SDK access state detection means and method |
| CN108280352A (en) * | 2018-01-17 | 2018-07-13 | 西安邮电大学 | A kind of privacy assessment and right management method based on 8.0 authority mechanisms of Android |
| CN108595989A (en) * | 2018-03-15 | 2018-09-28 | 杭州电子科技大学 | Mobile APP security protection systems and method under a kind of iOS |
| CN108830099A (en) * | 2018-05-04 | 2018-11-16 | 平安科技(深圳)有限公司 | Call verification method, device, computer equipment and the storage medium of api interface |
| CN109032687A (en) * | 2018-06-11 | 2018-12-18 | 北京奇艺世纪科技有限公司 | Shield the method and device that SDK danger is called |
| CN109815678A (en) * | 2018-12-17 | 2019-05-28 | 维沃移动通信有限公司 | A kind of authority configuring method and mobile terminal |
| CN109815682A (en) * | 2018-12-27 | 2019-05-28 | 北京字节跳动网络技术有限公司 | A kind of pair of permission is tracked the method, apparatus and computer readable medium of management |
Non-Patent Citations (1)
| Title |
|---|
| ZERO_ZQL: "iOS10 适配、Xcode8配置总结", 《HTTPS://WWW.JIANSHU.COM/P/66BC16B872D7》 * |
Cited By (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN111766993A (en) * | 2020-05-29 | 2020-10-13 | 维沃移动通信有限公司 | Information display method and device, electronic equipment and readable storage medium |
| CN111766993B (en) * | 2020-05-29 | 2021-12-10 | 维沃移动通信有限公司 | Information display method and device, electronic equipment and readable storage medium |
| CN112199713A (en) * | 2020-12-03 | 2021-01-08 | 成都中科大旗软件股份有限公司 | Confusion encryption method for IOS system software operation algorithm |
| CN113886253A (en) * | 2021-09-30 | 2022-01-04 | 五八同城信息技术有限公司 | API detection method and device, electronic equipment and readable medium |
| CN118632054A (en) * | 2024-08-09 | 2024-09-10 | 一网互通(北京)科技有限公司 | Method and device for improving application permission application passing rate and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN110414215B (en) | 2021-12-10 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN110414215A (en) | Application program privacy authority states bearing calibration, device and electronic equipment | |
| US8819012B2 (en) | Accessing anchors in voice site content | |
| US10656907B2 (en) | Translation of natural language into user interface actions | |
| TW202016761A (en) | Data processing method, device and equipment | |
| Vozniuk et al. | Towards portable learning analytics dashboards | |
| CN107545030A (en) | Processing method, device and the equipment of data genetic connection | |
| CN107644286A (en) | Workflow processing method and device | |
| US20120233595A1 (en) | Service definition document for providing blended services utilizing multiple service endpoints | |
| CN107391526A (en) | A kind of data processing method and equipment based on block chain | |
| US11749135B2 (en) | Secure computer-implemented execution and evaluation of programming assignments for on demand courses | |
| CN106066788B (en) | It generates and provides from service demonstration to promote the execution from service role | |
| CN106886445A (en) | Java packets generation method and equipment and information extracting method and equipment | |
| CN113435862B (en) | Bill processing method and device based on mailbox | |
| CN111124541B (en) | Configuration file generation method, device, equipment and medium | |
| CN107450959A (en) | A kind of edition data issue, acquisition methods, equipment and device and more new system | |
| CN107870765B (en) | Message splicing method and terminal | |
| Kang et al. | IT curriculum: coping with technology trends & industry demands | |
| US20140324918A1 (en) | Database Generation System, Method For Generating A Database, Product Line Management System And Non-Transitory Data Carrier | |
| US20150169433A1 (en) | Automated Generation of Semantically Correct Test Data for Application Development | |
| CN109492239A (en) | A kind of device for realizing simulation waveform data Real-time segmentation | |
| CN108628737A (en) | A kind of verification method and system of JSON data | |
| CN110196803B (en) | Software defect training method and system | |
| Zamfirache et al. | Extending the moodle course management system for mobile devices | |
| CN105630952A (en) | System and method for displaying comments in webpages | |
| Zutin et al. | A simple LabVIEW based framework to facilitate the deployment of iLab batch lab servers |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |