
CN104462980A - Authority management method, device and system of application programs and mobile terminal - Google Patents

Info

Publication number: CN104462980A
Authority: CN (China)
Prior art keywords: application program; application; self; packet identifier; starting
Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Application number: CN201410843695.XA
Other languages: Chinese (zh)
Inventors: 刘新, 张越
Current Assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Original Assignee: Beijing Qihoo Technology Co Ltd; Qizhi Software Beijing Co Ltd
Application filed by Beijing Qihoo Technology Co Ltd and Qizhi Software Beijing Co Ltd
Priority to CN201410843695.XA
Publication of CN104462980A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/51 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00 Network arrangements or protocols for supporting network services or applications
    • H04L67/01 Protocols
    • H04L67/02 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP]
    • H04L67/025 Protocols based on web technology, e.g. hypertext transfer protocol [HTTP] for remote control or remote monitoring of applications
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2141 Access rights, e.g. capability lists, access control lists, access tables, access matrices

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Stored Programmes (AREA)

Abstract

The invention provides a method, a device and a system for managing application program authority, and a mobile terminal. The method comprises: receiving a self-starting request from a first application program to a second application program in a service mode; obtaining an application program authorization authority list; and, since the self-starting request contains a packet identifier of the first application program and a packet identifier of the second application program, judging according to the two packet identifiers whether to intercept the request. If the packet identifier of the first application program and the packet identifier of the second application program are consistent with an interception policy stored in the application program authorization authority list, the self-starting request from the first application program to the second application program in the service mode is intercepted. In this way, the terminal resources occupied by some useless self-starting application programs can be reduced as much as possible.

Description

Application program authority management method, device and system and mobile terminal
Technical Field
The invention relates to the technical field of network security, in particular to a method, a device and a system for managing application program authority and a mobile terminal.
Background
At present, software on a terminal self-starts mainly in three ways: first, a specified application is invoked by registering certain broadcasts (Broadcast) in the system; second, a specified application is invoked through a Service; third, a specified application is invoked through a Content Provider.
Applications self-started in these three ways are not all necessary for running the system or other applications. Some applications on the terminal do not depend on other applications in order to run, and some self-started applications are not started by the user. Self-starting applications that are useless to other applications and to the user therefore not only occupies extra system resources and slows the system down, but also consumes more battery power.
To solve this problem, the conventional way to prohibit application self-start on a terminal is to call the PM disable function in the system API directly, which prohibits the specified application from self-starting in the Broadcast manner. At present, calling the PM disable function cannot prohibit applications that self-start in the Service manner or the Content Provider manner.
Disclosure of Invention
In view of the above, an object of the present invention is to provide a method for managing application program permissions, so as to minimize occupation of terminal resources by some useless self-starting application programs.
A method of application rights management, comprising:
receiving a self-starting request of a first application program to a second application program in a service mode;
acquiring an application program authorization authority list;
judging whether to intercept the self-starting request of the first application program to the second application program in a service mode or not according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request, and if the packet identifier of the first application program and the packet identifier of the second application program are consistent with the interception policy stored in the application program authorization permission list, intercepting the self-starting request of the first application program to the second application program in the service mode.
According to an embodiment of the method of the present invention, further, before the obtaining the list of authorized permissions of the application, the method further includes:
and retrieving and obtaining an interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program from a local policy database, and storing the obtained interception policy in the application program authorization authority list.
According to an embodiment of the method of the present invention, further, before storing the obtained interception policy in the application authorization authority list, the method further includes:
and sending a request to a cloud server through a remote policy interface and obtaining a fed-back interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program.
According to an embodiment of the method of the present invention, further, the method further comprises:
judging whether the second application program is a system application program;
if the self-starting time of the first application program to the second application program reaches or exceeds a set threshold value within a set time, the self-starting request of the first application program to the second application program in a service mode is not intercepted.
According to an embodiment of the method of the present invention, further, the method further comprises:
and if the self-starting times of the first application program to the second application program within the set time reach or exceed a set threshold value, not intercepting the self-starting request of the first application program to the second application program in a service mode.
According to an embodiment of the method of the present invention, further, the method further comprises:
after receiving a self-starting request of the first application program to the second application program in a content provider mode, recording the self-starting request, a content provider identifier, a package identifier of the first application program and a package identifier of the second application program;
feeding back the recorded self-starting request, the content provider identifier, the package identifier of the first application program and the package identifier of the second application program to a user;
and alarming a popup window of the user interface and receiving a user instruction to obtain a processing strategy.
According to an embodiment of the method of the present invention, the intercepting policy further includes determining whether to intercept the packet of the first application program, the packet of the second application program, and a security level set by the cloud server for each application program.
According to an embodiment of the method of the present invention, further, the method further comprises:
obtaining information of a notification bar entry in an interception process, wherein the information of the notification bar entry comprises a display view of the notification bar entry and an operation behavior response of the notification bar entry;
a display view that presents the notification bar entry;
and if the operation behavior of the user on the notification bar entry is obtained, responding the operation behavior of the user on the notification bar entry in a memory caching or database caching mode according to the click response behavior of the notification bar entry.
According to an embodiment of the method of the present invention, further, the method further comprises:
acquiring a program list of installed application programs in the mobile terminal;
searching whether a power saving strategy of each application program is stored in a local power saving database aiming at each application program in the program list;
counting power consumption information of each application program with a power saving strategy, and sequencing each application program according to the power consumption information;
when the application program with the power consumption information exceeding the set power consumption level requests self-starting, an interception process is triggered.
According to an embodiment of the method of the present invention, further, the method further comprises:
obtaining the self-starting times of the first application program to the second application program;
obtaining the total self-starting times of the second application program;
obtaining a proportional value according to the number of times of the first application program to self-start of the second application program and the total number of times of the self-start of the second application program;
and when the application program with the proportion value reaching or exceeding the set threshold value requests self-starting, triggering an interception process.
According to an embodiment of the method of the invention, further,
the first application program and the second application program are related application programs; or
The first application and the second application are unrelated applications.
Another technical problem to be solved by the present invention is to provide an apparatus for application program authority management to minimize the terminal resource occupation of some useless self-starting application programs.
An apparatus for application rights management, comprising:
the self-starting request receiving unit is used for receiving a self-starting request of a first application program to a second application program in a service mode;
the policy acquisition unit is used for acquiring an application program authorization authority list;
and the interception processing unit is used for judging whether to intercept the self-starting request of the first application program to the second application program in a service mode according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request, and if the packet identifier of the first application program and the packet identifier of the second application program are consistent with the interception policy stored in the application program authorization permission list, intercepting the self-starting request of the first application program to the second application program in the service mode.
According to an embodiment of the method of the present invention, further, the policy obtaining unit is further configured to retrieve and obtain an interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program from a local policy database, and to store the obtained interception policy in the application program authorization authority list.
According to an embodiment of the method of the present invention, further, the policy obtaining unit is further configured to send a request to a cloud server through a remote policy interface and to obtain a fed-back interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program.
According to an embodiment of the method of the present invention, further, the apparatus further comprises:
and the application program type judging unit is used for judging whether the second application program is a system application program, if so, judging whether the second application program is the system application program, and if the self-starting frequency of the first application program to the second application program in the set time reaches or exceeds a set threshold value, not intercepting a self-starting request of the first application program to the second application program in a service mode.
According to an embodiment of the method of the present invention, further, the method further comprises:
and the self-starting frequency judging unit is used for not intercepting the self-starting request of the first application program to the second application program in a service mode if the self-starting frequency of the first application program to the second application program in the set time reaches or exceeds a set threshold value.
According to an embodiment of the method of the present invention, further, the apparatus further comprises:
and the interaction unit is registered as a system service, the shell application program communicates with the interaction unit through a built-in interaction interface of the shell application program, and human-computer interaction is realized to the pop-up window of the user interface by virtue of the interaction unit.
According to an embodiment of the method of the invention, further,
the device further comprises:
the log recording unit is used for recording the self-starting request, the content provider identifier, the packet identifier of the first application program and the packet identifier of the second application program after receiving the self-starting request of the first application program to the second application program in a content provider mode;
a log feedback unit, configured to feed back the recorded self-starting request, the content provider identifier, the package identifier of the first application, and the package identifier of the second application to a user;
and the interaction unit is used for giving an alarm to the popup window of the user interface and receiving a user instruction to obtain a processing strategy.
According to an embodiment of the method of the present invention, the intercepting policy further includes determining whether to intercept the packet of the first application program, the packet of the second application program, and a security level set by the cloud server for each application program.
According to an embodiment of the method of the present invention, further, the apparatus further comprises:
and the response unit is used for acquiring information of a notification bar entry in an interception process, wherein the information of the notification bar entry comprises a display view of the notification bar entry and an operation behavior response of the notification bar entry, displaying the display view of the notification bar entry, and if the operation behavior of the user on the notification bar entry is acquired, responding the operation behavior of the user on the notification bar entry in a memory cache or database cache manner according to a click response behavior of the notification bar entry.
According to an embodiment of the method of the present invention, further, the apparatus further comprises:
the power consumption counting unit is used for acquiring a program list of installed application programs in the mobile terminal, searching whether a power saving strategy of the application program is stored in a local power saving database or not for each application program in the program list, counting power consumption information of each application program with the power saving strategy, sequencing each application program according to the power consumption information, and triggering an intercepting process when the application program with the power consumption information exceeding a set power consumption level requests to be automatically started.
According to an embodiment of the method of the present invention, further, the apparatus further comprises:
and the starting frequency counting unit is used for obtaining the self-starting frequency of the first application program to the second application program, obtaining the total self-starting frequency of the second application program, obtaining a proportional value according to the self-starting frequency of the first application program to the second application program and the total self-starting frequency of the second application program, and triggering an intercepting process when the application program with the proportional value reaching or exceeding a set threshold value requests self-starting.
According to an embodiment of the method of the invention, further,
the first application program and the second application program are related application programs; or
The first application and the second application are unrelated applications.
Another object of the present invention is to provide a mobile terminal, which minimizes the occupation of terminal resources by some useless self-starting applications.
A mobile terminal, comprising: broadcast receiver components, service components, and means for application rights management of the foregoing embodiments.
According to an embodiment of the mobile terminal of the present invention, further, the mobile terminal further comprises a content provider component.
Another technical problem to be solved by the present invention is to provide a system for managing application program authority to minimize the occupation of terminal resources by some useless self-starting application programs.
A system for managing application program authority comprises a cloud server and the mobile terminal of the embodiment.
According to the method, the device and the system for managing application program authority and the mobile terminal, application programs that are useless to the user and/or do not help to start other application programs can be intercepted according to the packet identifier of the calling application program, namely the packet identifier of the first application program, and the packet identifier of the called application program, namely the packet identifier of the second application program, so that the running speed of the terminal can be improved and battery power can be saved.
Drawings
Various other advantages and benefits will become apparent to those of ordinary skill in the art upon reading the following detailed description of the preferred embodiments. The drawings are only for purposes of illustrating the preferred embodiments and are not to be construed as limiting the invention. Also, like reference numerals are used to refer to like parts throughout the drawings. In the drawings:
FIG. 1 is a flow diagram illustrating a method for application rights management, according to one embodiment of the invention.
Fig. 2 is a schematic structural diagram of an apparatus for application rights management according to an embodiment of the present invention.
Fig. 3 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
Fig. 4 is a schematic structural diagram of a mobile terminal according to another embodiment of the present invention.
Fig. 5 is a schematic structural diagram of a system for application rights management according to an embodiment of the present invention.
Detailed Description
The present invention now will be described more fully hereinafter with reference to the accompanying drawings, in which exemplary embodiments of the invention are shown. The technical solutions in the embodiments of the present invention will be described clearly and completely with reference to the accompanying drawings in the embodiments of the present invention, and it is obvious that the described embodiments are only a part of the embodiments of the present invention, and not all of the embodiments. All other embodiments, which can be obtained by a person skilled in the art without any inventive step based on the embodiments of the present invention, are within the scope of the present invention.
The Android system has four major components: the Activity component, the Service component, the Broadcast Receiver component and the Content Provider component, all four of which can be managed by ActivityManagerService. When an application self-starts, the start is executed by ActivityManagerService.
The application environment of the method comprises a mobile terminal that can communicate with a remote server or a cloud. The mobile terminal may run the Android operating system, and the system may be in a state in which ROOT is not authorized or in which ROOT authority has been acquired.
As is well known, Root rights refer to the system administrator rights of Unix-type operating systems (including Linux and Android), similar to Administrator rights in Windows systems; Root rights allow access to and modification of almost all files on the user's mobile device (Android system files and user files, not including ROM). However, mobile terminal systems currently manage Root rights very strictly, and most applications or programs do not have Root rights, so operations that need Root rights, such as installing or uninstalling applications, cannot be executed. Moreover, the calling process has to apply to the system for Root authority each time it executes such an operation, and if another application process is using Root authority for a related operation at that moment, the calling process's application for Root authority cannot succeed. Furthermore, if the user has disabled Root authority in the system, the calling process cannot perform the related operation at all.
FIG. 1 is a flow diagram illustrating a method for application rights management, according to one embodiment of the invention.
As shown in fig. 1, this embodiment may include the steps of:
Step 102: receiving a self-starting request of a first application program to a second application program in a service mode;
Step 104: acquiring an application program authorization authority list;
Step 106: judging whether to intercept the self-starting request of the first application program to the second application program in a service mode according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request, and if the packet identifier of the first application program and the packet identifier of the second application program are consistent with the interception policy stored in the application program authorization permission list, intercepting the self-starting request of the first application program to the second application program in the service mode.
Optionally, the first application and the second application are related applications. For example, the first application and the second application may be two applications of the Ali family, Taobao and Paobao; or, for another example, the first application and the second application may be two applications of the Baidu family, namely Baidu Video and Baidu Search; or, for another example, the first application and the second application may be 360-family applications such as 360-antivirus and 360-helper, which is not limited in this embodiment.
Optionally, the first application and the second application are unrelated applications. For example, the first application and the second application may be applications of two different families, namely pan of the Ali family and Baidu Video of the Baidu family; or, for another example, the first application and the second application may be applications of two different families, namely the 360-family mobile phone assistant and the ali-family pay pal, which is not limited in this embodiment.
Generally, an operating system may include an application layer (app layer) and a system framework layer (framework layer). In a preferred implementation of the present invention, both the app layer and the framework layer are improved, so that the communication is quickly started on the intelligent terminal through cooperation between the two layers. Specifically, a monitoring unit may be added to the app layer and configured to monitor the framework layer as it wakes up a component to carry out an application self-start. In this way, before the application self-starts, information about the component responsible for the self-start can be acquired, the type of the component and the package identifier of the related application can be analyzed, and whether to intercept the self-starting request of the first application to the second application in a service manner is determined according to the acquired interception policy.
For example, in the Android system, before an application is started, the name of the component to be started is resolved in the framework layer, and the framework layer records information related to the start, such as the name of the component to be started and the type of the component (whether it is an Activity component, a Service component, a Broadcast Receiver component, or a Content Provider component). The framework-layer interface that records this information can be monitored through injection and a Java hook, and the information is returned to a monitoring unit of the app layer (for example, a mobile phone antivirus client), which determines whether to allow the application's starting behavior. In effect, the app layer implements the monitoring by listening to interface calls of the framework layer. Since this interface itself provides information about the component being woken up, only a small amount of parsing of the data obtained from the framework layer is required.
In particular, an interrupt mechanism may be employed to monitor the interface that invokes a component. Specifically, a hook mechanism may be used to monitor the interface for invoking a component in the framework layer. Those skilled in the art will appreciate that the hook mechanism allows an application to intercept and handle operating-system messages or specific events. A hook is actually a segment of a program that handles messages and is hooked into the system through a system call. Whenever a particular message is sent, the hook program captures the message before it reaches the destination window, i.e. the hook function gets control. The hook function may then process (change) the message, pass it on without processing, or forcibly end its delivery. In the embodiment of the invention, a hook mechanism is adopted to interrupt the process of calling the component corresponding to the application program, so that the component information is acquired before the application program is started.
These four component types are briefly described below.
(1) Activity component
In an application, an activity component is usually a separate screen on which some controls can be displayed and which can also monitor and process events of the user in response.
(2) Broadcast Receiver component
An application may use the Broadcast Receiver component to filter external events so that it receives and responds only to external events of interest, such as an incoming phone call or a data network becoming available. The Broadcast Receiver component has no user interface. However, it may launch an Activity component or Service component in response to the information it receives, or notify the user through the status bar manager (NotificationManager). The notification may draw the user's attention in a number of ways, such as flashing the backlight, vibrating, or playing a sound. Typically, a persistent icon is placed on the status bar, which the user can open to retrieve the message.
(3) Service component
A Service component is a long-lived program without a user interface, which can be used to develop programs such as monitoring programs. An example is a media player that is playing songs from a playlist. In a media player application, there should be multiple activity components that allow a user to select and play songs. However, the music playback function itself has no corresponding activity component, because the user would expect the music to keep playing after navigating to another screen. In this example, the activity component of the media player starts a service component using context. The system then keeps the service component executing until the service component finishes running. A bindService() method may also be used to connect to a service component (which will be started if it is not already running). Once connected to a service component, the caller may communicate with it via an interface provided by the service component. In the case of a media player, operations such as pause and replay may then be performed.
(4) Content Provider component
The Android system platform provides the Content Provider component so that a specified data set of one application program can be provided to other application programs. This data may be stored in a file system, in an SQLite database, or in any other reasonable manner, and other applications may obtain or store data from the content provider via the ContentResolver class. A content provider is required only if the data needs to be shared among multiple applications. For example, the address book data is used by a plurality of applications and must be stored in a content provider. Its advantage is a uniform access mode.
Specifically, before 104, an interception policy corresponding to the packet identifier of the first application and the packet identifier of the second application may be retrieved from a local policy database in advance, and the obtained interception policy may be stored in the application authorization permission list.
Further, before storing the obtained interception policy in the application program authorization permission list, a request may be further sent to a cloud server through a remote policy interface, and the fed back interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program is obtained. In this way, the interception policy obtained from the local policy database and the interception policy obtained from the cloud server may be stored in the application authorization permission list together.
The interception policy, when set, may follow at least one of the following rules for each component:
the Activity component is a visual component, and a start initiated through it cannot be intercepted, because such behavior is mostly triggered by the user and is not, strictly speaking, self-starting of the application program;
the wake-up of the Broadcast Receiver component is a behavior of the operating system, so a self-starting request initiated by this component is generally not intercepted; and
for a self-starting request triggered by the Content Provider component, the authority can be given to the user, so that each user can set a personalized filtering or intercepting policy according to their own needs.
Therefore, by applying the rules, whether the self-starting request of the first application program to the second application program needs to be intercepted or not can be accurately judged, and meanwhile, the normal use of the user is not disturbed.
It should be noted that, a blacklist of the second application to be intercepted may be set for the Service component in the application authorization permission list, that is, if the second application is self-started in a Service manner, as long as the packet identifier of the first application and the packet identifier of the second application exist in the application authorization permission list, both the first application and the second application are intercepted. For example, some second applications are only prohibited from being booted by Service, but are not prohibited if the second applications are booted by Broadcast or other means.
Also, some applications are only prohibited from booting by Service, and are not prohibited if the application is booted by Broadcast. The different setting modes can be applied to different application scenes.
In addition, in the preset application program authorization authority list library, some application programs correspond to an application program authorization authority list, and the application program authorization authority list is marked by application program identifiers (i.e., the aforementioned package identifiers). And storing the behavior authority which is authorized for the application program by the user in advance in each application program authorization authority list. If there are no behavioral permissions corresponding to the application in the list, there are no specific permission suggestions, but the user can still grant or disable all permissions.
The behavior permissions of the application program are declared in the AndroidManifest.xml file in the following form:
File name: AndroidManifest.xml
<uses-permission android:name="usage permission" />
The permission description part of the AndroidManifest.xml file can be parsed by using an Extensible Markup Language (XML) file parser in Java to obtain the list of behavior permissions requested by the application program. Of course, other XML parsers may be used, or an XML parser may be developed in another programming language, for example C/C++ or Python, to parse the AndroidManifest.xml file.
AndroidManifest.xml is an important global configuration file in an installation package; it is responsible for registering the four major components of the Android system with the system, applying to the system for permissions, and the like. In the shell-added installation package, it is treated as an important internal file that must be added, and a copy completely consistent with that of the original installation package is included in the shell-added installation package. The AndroidManifest.xml file in the shell installation package has the same file name as that in the original installation package, and the package names are the same. Therefore, after the shell installation package is installed and runs a host application program in the system, it registers each component and applies for system permissions by means of this file, and an entry for each component is established. Each component of a target application program called by reflection can then be called by the ActivityManagerService; an ActivityThread does not need to be constructed for each component, a corresponding LoadedApk object is provided, and the program implementation step of building the runtime context environment is omitted. Similarly, the problem of legal registration of each major component with the PackageManagerService caused by the reflection call is also overcome owing to the registration in AndroidManifest.xml.
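The manifest parsing described above, as an added Python example (not code from the patent): it reads the `uses-permission` declarations and the four registered component types from a text-form manifest. The sample manifest and its package and class names are constructed; a manifest taken from an installed package is stored as compiled binary XML and is assumed to have been decoded to text first.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
NAME_ATTR = "{%s}name" % ANDROID_NS          # android:name in ElementTree form
COMPONENT_TAGS = ("activity", "service", "receiver", "provider")

# Constructed sample manifest; package and class names are made up.
SAMPLE_MANIFEST = """<manifest
    xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.player">
  <uses-permission android:name="android.permission.INTERNET" />
  <uses-permission android:name="android.permission.RECEIVE_BOOT_COMPLETED" />
  <uses-permission android:name="android.permission.INTERNET" />
  <application>
    <activity android:name=".MainActivity" />
    <service android:name=".PlaybackService" />
    <receiver android:name="com.example.player.BootReceiver" />
    <provider android:name="SongProvider"
              android:authorities="com.example.player.songs" />
  </application>
</manifest>
"""


def qualify(package, name):
    """Expand the manifest's short class names to fully qualified ones."""
    if name.startswith("."):
        return package + name
    if "." not in name:
        return package + "." + name
    return name


def parse_manifest(xml_text):
    """Return the package name, requested permissions and declared components."""
    # A manifest never needs a DTD; refusing one avoids entity-expansion
    # tricks when the file comes from an untrusted installation package.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not accepted")
    root = ET.fromstring(xml_text)
    if root.tag != "manifest":
        raise ValueError("root element is not <manifest>")
    package = root.get("package", "")

    permissions = []
    for element in root.findall("uses-permission"):
        permission = element.get(NAME_ATTR)
        if permission and permission not in permissions:  # drop duplicates
            permissions.append(permission)

    components = {tag: [] for tag in COMPONENT_TAGS}
    application = root.find("application")
    if application is not None:
        for tag in COMPONENT_TAGS:
            for element in application.findall(tag):
                name = element.get(NAME_ATTR)
                if name:
                    components[tag].append(qualify(package, name))
    return {"package": package, "permissions": permissions,
            "components": components}


if __name__ == "__main__":
    print(parse_manifest(SAMPLE_MANIFEST))
```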
Specifically, after receiving a self-starting request of a first application program to a second application program in the Service manner, the ActivityManagerService learns that the self-starting request comes from a Service and, before executing the call of the second application program, first makes a judgment according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request. For example, the received packet identifiers of the first application and the second application may be compared with the packet identifiers in the pre-stored application authorization permission list, and if packet identifiers identical to those of the first application and the second application exist in the application authorization permission list, the ActivityManagerService intercepts the call to the application in the Broadcast manner.
In this embodiment, an application program that is useless to the user and/or does not help the start of other application programs can be intercepted according to the packet identifier of the calling application program, i.e., the packet identifier of the first application program, and the packet identifier of the called application program, i.e., the packet identifier of the second application program, so the operation speed of the terminal can be increased and power can be saved for the terminal.
In an embodiment of the method of the present invention, the number of times of the self-starting of the first application program to the second application program may be counted, and then, whether to intercept the self-starting request of the first application program to the second application program in a service manner may be determined according to the obtained number of times of the self-starting of the first application program to the second application program.
Further, if the number of times of self-starting of the first application program to the second application program within the set time reaches or exceeds a set threshold value, a self-starting request of the first application program to the second application program in a service mode is not intercepted.
This prevents the vicious circle in which the second application program is frequently killed, the first application program is started, and the second application program is frequently started again, a circle that consumes a large amount of system resources, wastes power, and reduces the running speed of the terminal.
In another embodiment of the method of the present invention, a clearupremovedtasklocked function of the AS may be called to obtain all current processes, and the UID of the suspicious process and the process including the package name of the application requesting self-start in the process package list are determined by traversal according to the interception policy, and the process is added to the killable process list.
Further, since the application programs at least include a system application program and a user application program, for the system application program, if the application program is self-started by the Service mode, the following processing can be performed:
judging whether the second application program is a system application program;
if the number of times of self-starting of the first application program to the second application program reaches or exceeds a set threshold value within a set time, the self-starting request of the first application program to the second application program in a service mode is not intercepted.
This prevents the vicious circle in which a system application program is frequently killed and then frequently self-started, a circle that consumes a large amount of system resources, wastes power, and reduces the running speed of the terminal.
In the actual application program, the self-starting mode of an application program is not limited to the Service mode, and the self-starting of the application program can be realized through a Content Provider mode. Because there are a large number of applications called by the Content Provider method and the number of Content providers is very large, it is inconvenient to set an interception policy for the Content Provider method in the application authorization list in advance. In this case, the authority for prohibiting the application from being started by itself in the Content Provider mode may be given to the user, and therefore, each user may set a personalized filtering or intercepting policy according to the needs of the user.
Specifically, after receiving a self-start request of the first application program to the second application program by a content provider, the self-start request, a content provider identifier, a packet identifier of the first application program, and a packet identifier of the second application program are recorded, and these pieces of recording information may be stored in a persistent self-start log.
That is, after receiving a call request of a first application program to a second application program, the ActivityManagerService first determines in which manner the call request was initiated, and if it was initiated in the Content Provider manner, records the related information of the self-starting request so that a user can determine a corresponding interception policy according to the recorded information.
Further, while the ActivityManagerService records the related information, the recorded self-starting request, the content provider identifier, the packet identifier of the first application program and the packet identifier of the second application program can be fed back to the user by popping up an interface, so that a pop-up alert is presented on the user interface. After receiving the information, the user inputs an interception policy according to their own needs, for example, intercepting the self-starting of certain second applications invoked by certain first applications, or allowing certain first applications to invoke the self-starting of certain second applications. A user instruction may then be received to obtain a processing policy, such as intercepting the corresponding restart or performing a restart of the second application. This allows the call relationship between the first application and the second application to be cut off. The common self-starting modes of an application program include the Bind Service mode and the Content Provider mode.
For example, after dangerous operation information of the second application program is intercepted by an interception module injected into a system service process in advance, corresponding inquiry information is sent to the second application program; the second application program pops up a corresponding prompt box according to the inquiry information, receives confirmation information which is input by a user and used for judging whether to perform corresponding operation or not and returns the confirmation information to the interception module; the interception module allows or blocks dangerous operation of the system service process on the second application program according to the received confirmation information; therefore, the second application program behavior can be effectively intercepted, the corresponding operation is suspended after the second application program behavior is intercepted, the user is informed of the operation, and the corresponding operation is executed only after the confirmation information of the user is obtained.
In addition, if the user allows a certain first application program to self-start a certain second application program in a Content Provider mode, the policy can also be stored in the application program authorization authority list, and once a self-starting request of the first application program to the second application program in the Content Provider mode is received, the information is not recorded and fed back to the user any more, but the second application program is directly self-started.
Similarly, if the user prohibits a first application program from self-starting a second application program in the Content Provider mode, the policy may also be stored in the application program authorization authority list, and once a self-starting request of the first application program to the second application program in the Content Provider mode is received, the information is no longer recorded or fed back to the user; instead, the self-starting process of the second application program is killed directly.
In other words, the ActivityManagerService records the request only when the user has not explicitly indicated whether the first application program is prohibited from or allowed to self-start the second application program in the Content Provider mode. This improves processing efficiency and the user experience, and avoids frequently popping up confirmation windows to the user.
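The decision flow described above (the per-component rules, the Service blacklist of packet identifier pairs, the threshold on repeated self-starts within a set time, and the log-then-ask handling of Content Provider requests) can be modelled as follows. This is an added Python example, not the patent's or the Android framework's code; the class and function names, package names, threshold and window values are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

ALLOW, INTERCEPT, ASK_USER = "allow", "intercept", "ask_user"


@dataclass(frozen=True)
class SelfStartRequest:
    component: str          # "activity", "broadcast", "service" or "provider"
    caller: str             # packet identifier of the first application
    target: str             # packet identifier of the second application
    timestamp: float = 0.0  # seconds, supplied by whoever calls decide()
    provider_id: str = ""   # content provider identifier, if any


class SelfStartGate:
    """Hypothetical model of the decision point; not Android framework code."""

    def __init__(self, service_blacklist, threshold, window_seconds):
        self.service_blacklist = set(service_blacklist)  # {(caller, target)}
        self.user_choices = {}              # (caller, target) -> decision
        self.threshold = threshold
        self.window = window_seconds
        self.history = defaultdict(deque)   # recent self-start times per pair
        self.self_start_log = []            # stands in for the persistent log

    def _count_in_window(self, pair, now):
        times = self.history[pair]
        times.append(now)
        while now - times[0] > self.window:  # forget starts outside the window
            times.popleft()
        return len(times)

    def record_user_choice(self, caller, target, allow):
        self.user_choices[(caller, target)] = ALLOW if allow else INTERCEPT

    def decide(self, req):
        pair = (req.caller, req.target)
        if req.component in ("activity", "broadcast"):
            return ALLOW                     # user- or system-triggered starts
        if req.component == "service":
            count = self._count_in_window(pair, req.timestamp)
            if pair not in self.service_blacklist:
                return ALLOW
            # At or above the threshold the request is let through, to avoid
            # the kill-and-restart loop described on the page.
            return ALLOW if count >= self.threshold else INTERCEPT
        if req.component == "provider":
            if pair in self.user_choices:    # stored choice: no log, no prompt
                return self.user_choices[pair]
            self.self_start_log.append((req.provider_id, req.caller, req.target))
            return ASK_USER
        raise ValueError("unknown component type: %r" % req.component)


def demo():
    """Run constructed requests through the gate and return the outcomes."""
    gate = SelfStartGate({("com.example.market", "com.example.push")},
                         threshold=3, window_seconds=60)
    results = [gate.decide(SelfStartRequest("service", "com.example.market",
                                            "com.example.push", t))
               for t in (0, 10, 20, 200)]
    provider_req = SelfStartRequest("provider", "com.example.market",
                                    "com.example.contacts", 5.0,
                                    "com.example.contacts.provider")
    results.append(gate.decide(provider_req))   # first time: log and ask
    gate.record_user_choice(provider_req.caller, provider_req.target, allow=False)
    results.append(gate.decide(provider_req))   # stored choice applied directly
    return results, gate.self_start_log


if __name__ == "__main__":
    print(demo())
```

The third Service request in the demo is allowed even though the pair is blacklisted, because it reaches the threshold inside the window; anyone tuning such a policy should pick the threshold with that pass-through in mind.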
In the above embodiment, the interception policy may include, but is not limited to, determining whether to intercept based on the packet identifier of the first application, the packet identifier of the second application, and the security level set by the cloud server for each application.
Further, the security levels set by the cloud server for the application programs include black, gray and white levels, which respectively correspond to installation prohibition, installation selection by a user and direct installation.
For an application that is prepared or is being installed, the present invention can acquire installation broadcast information of the application by registering itself in the form of a default installer. Then, the newly-installed application program is used as a target application program, characteristic information such as an installation package or a signature of the newly-installed application program is sent to the cloud server through the remote rule base interface, and the cloud server makes a safety judgment on the newly-installed application program. In one embodiment, the cloud server sets black, gray, and white levels for the security level of the application, which represent different risk levels, respectively, and sets corresponding processing rules. For example, a black application may prohibit installation, a gray application may be selected by the user, and a white application may be installed. Of course, the method can be further simplified into two types of gray and white, or into two types of black and white. Those skilled in the art are familiar with this cloud control technique of the server, which will be disclosed in further summary. In any case, the invention obtains the feedback of the cloud server about the processing rules of the application programs from the local remote rule base interface, and uses the feedback result to make corresponding subsequent processing. Specifically, when the black application identifier is returned for the current target application, the installation of the target application can be immediately stopped; when the identification is a white application identification or a gray application identification, then the installation may be cleared. 
In consideration of interactivity, after the remote judgment is completed, the method pops up a window on the user interface to inform the user of the judgment result, displays the corresponding processing suggestion, and asks the user whether to construct an active defense environment for the currently newly installed application program; once the user confirms active defense for the currently newly installed application program, that application program is determined as the target application program.
Similarly, after the user determines the target application program, the present invention stores the installation package of the target application program in the specified directory. In addition, in consideration of the present invention that will subsequently build an active defense environment for the determined target application, the present invention immediately stops the installation of the target application, which may occur either before or after the user determines the target application.
In addition, an active defense program may be resident at various points in the system to assist in prohibiting the self-starting of application programs as described above.
Specifically, the feature information such as an unknown application installation package or signature, or the feature information requesting for the self-starting application may be sent to the cloud server through the remote rule base interface, and the cloud server may make a security judgment on the feature information.
As mentioned above, the feature information sent by the client to the cloud server through the remote rule base interface includes: the package name, and/or version number, and/or digital signature of the Android installation package, and/or the characteristics of the Android component receiver, and/or the characteristics of the Android component service, and/or the characteristics of the Android component activity, and/or the instruction or character string in the executable file, and/or the MD5 value (signature) of each file under the Android installation package directory.
The client side which realizes the method or the device uploads the specified characteristic information to the cloud server, and searches a characteristic record matched with the specified single characteristic information or the combination of the single characteristic information in a rule base preset by the cloud server; the rule base preset by the cloud server comprises feature records and security levels corresponding to the feature records, and each feature record comprises single feature information or a combination of the feature information;
thousands of feature records are preset in the cloud server rule base, wherein the first feature record lists the Android installation package name of a certain virus, the second feature record lists the Android installation package version number of a certain normal application program and the MD5 value of a digital signature of the Android installation package version number, the third feature record lists the Android installation package name of a certain normal application program and the receiver feature of the Android installation package name of a certain Trojan, the version number of the Trojan, a specific character string in an ELF file of the Trojan, and the like.
The identifiers related to the security level, i.e. black, white (security) or grey (unknown, suspicious) identifiers, can be further expressed as:
safety: the application program is a normal application program and has no behavior threatening the safety of the mobile phone of the user;
danger: the application presents a security risk, and it is possible that the application itself is malware; the application program is normal software originally published by a regular company, but the privacy of the user and the security of the mobile phone are threatened due to security holes;
prudent: the application is a normal application, but there are some problems, such as causing fees to be deducted from users without their noticing, or carrying unfriendly advertisements that draw complaints; when such an application is discovered, the user is prompted to take caution and is informed of the possible behavior of the application, but the user decides at his discretion whether to clear the application;
Trojan horse: the application is a virus, Trojan horse, or other malware, collectively referred to herein for simplicity as a Trojan horse, which does not mean that the application is only a Trojan horse.
In an embodiment of the method of the present invention, information of a notification bar entry of an interception process may be further obtained, where the information of the notification bar entry includes a display view of the notification bar entry and an operation behavior response of the notification bar entry. Further, a display view of the notification bar entry may be presented. If the operation behavior of the user on the notification bar entry is obtained, response processing can be performed on the operation behavior of the user on the notification bar entry in a memory cache or database cache mode according to the click response behavior of the notification bar entry.
Specifically, when the second application program sends the Notification bar entry, a Notification entity class is constructed to indicate a Notification bar entry to be displayed. All information of the Notification bar entry is contained in the Notification entity class, and what is more important is the display view of the Notification bar entry and the operation behavior response of the Notification bar entry.
The display view of the notification bar entry may be implemented by a RemoteViews object. The RemoteViews object is a serializable object, and it can be serialized into a byte stream and stored in a physical file such as a disk. When the notification bar entry needs to be viewed, the corresponding byte stream can be read from a physical file such as a disk and deserialized into a RemoteViews object, and the View object can be constructed through its apply method, so that the display view of the notification bar entry can be shown.
It should be noted that the physical file may be stored in a memory cache manner, and has a characteristic of fast response, and the physical file may disappear after the mobile terminal is restarted, or may also be stored in a database cache manner, and has a characteristic of persistence, and the physical file may not disappear after the mobile terminal is restarted, and may be reloaded into the memory, and the like, which is not particularly limited in this embodiment.
The operation behavior response of the notification bar entry refers to the response to an operation on the notification bar entry, such as the response behavior after clicking. The response behavior may be specifically realized by PendingIntent. PendingIntent is not serializable; it is an event handle maintained by the Android ActivityManagerService. The event handle actually corresponds to an Intent object, which is a serializable object that can be serialized into a byte stream stored in a physical file such as a disk. When the user's operation on the notification bar entry needs to be responded to, the corresponding byte stream can be read from a physical file such as a disk and then deserialized into an Intent object. Thus, through the Intent object, an operation behavior event, such as a single click event, can be implemented instead of through PendingIntent.
It should be noted that the physical file may be stored in a memory cache manner, and has a characteristic of fast response, and the physical file may disappear after the mobile terminal is restarted, or may also be stored in a database cache manner, and has a characteristic of persistence, and the physical file may not disappear after the mobile terminal is restarted, and may be reloaded into the memory, and the like, which is not particularly limited in this embodiment.
Specifically, an Application Programming Interface (API) call used by the second Application to send the notification bar entry may be detected in a code injection manner, and then the object parameter of the notification bar entry is taken out.
In yet another embodiment of the method of the present invention, a power saving policy may also be set according to a packet name of the application; and the cloud server generates a power saving database according to the program with the power saving strategy. And if the cloud server receives the newly added program and the power saving strategy of the application program, updating the newly added program and the power saving strategy into a power saving database. That is, the power saving database correspondingly records the program and the power saving policy of the application program.
The power saving policy recorded in the power saving database may include: unloading and forbidding self-starting; the power saving policy may further include: ending the operation, keeping the current state or being suitable for long-term operation and the like.
For example, a technician may set a keep-alive power saving policy for a health class program, or a clock weather class program; and a power saving prohibition strategy is set for programs such as account synchronization and the like.
Preferably, in order to obtain a more targeted power saving database and reduce the space occupied by the obtained power saving database, a specific method for the cloud server to customize the power saving database for different types of mobile terminals respectively includes: if the monitoring software finds that an unknown program is installed in the mobile terminal, the program information of the application program and the model information of the mobile terminal can be uploaded to a cloud server through a network such as the Internet; setting a power saving strategy for a program received by the cloud server by professional technicians, for example, setting the power saving strategy according to model information model; and the cloud server generates a power saving database corresponding to the model information according to the program with the power saving strategy under the model information name aiming at each model information.
The cloud server generates and maintains a power saving database, and the mobile terminal can download the power saving database from the server and store the power saving database in the local for power saving suggestion to a user.
A specific method for downloading the power-saving database from the server may be that the mobile terminal reports its model information to the server through a network; for example, for the Unicom version of the gorgeous 3C smart phone with 2G memory, after the phone is judged to be connected to the network, its model number U30-H10 is extracted from the pre-stored system information and reported to the server through the network as the model information.
After receiving the model information reported by the mobile terminal, the server searches the power-saving databases corresponding to the respective model information for the power-saving database corresponding to the received model information, and returns it through the network to the mobile terminal that reported the model information.
And the mobile terminal receives and stores the power saving database returned by the server.
The mobile terminal of the embodiment of the invention performs power saving suggestion based on the downloaded power saving database according to the following procedures, and specifically comprises the following steps:
Step one: acquire a program list of the installed application programs in the mobile terminal.
Specifically, the mobile terminal acquires a program list of installed application programs from system information recorded by an operating system of the mobile terminal. The program list may include: the name and installation path of the application; the program list may further include: the occupied space of the application program, the number of the currently running processes and services, the accumulated running time and the like.
Step two: for each application program in the program list, search whether a power saving policy for the application program is stored in the local power saving database.
Specifically, the mobile terminal determines, for each application in the program list, whether the application can be found in the downloaded power saving database: if yes, searching the power saving strategy of the application program in a power saving database; otherwise, the power saving strategy of the application program is not searched.
Step three: collect the power consumption information of each application program that has a power saving policy, and sort the application programs according to the power consumption information.
Specifically, the mobile terminal detects power consumption information of each application program for which the power saving policy is found; counting the power consumption of the application program in unit time according to the detected power consumption information; further counting the power consumption per unit time of each application program for finding the power saving strategy; and sequencing the application programs according to the counted power consumption in unit time. The power consumption information of the application includes: the number of awakenings and the runtime of the application, etc.
Preferably, the mobile terminal determines, for each application program for which the power saving policy is found, a power consumption level of the application program according to a power consumption ratio of the application program per unit time; if the application program with the power consumption level exceeding the set level is judged to exist, the power consumption program is prompted to exist, and the number of the programs with the power consumption level exceeding the set level is displayed.
Step four: when an application program whose power consumption information exceeds the set power consumption level requests self-starting, trigger an interception process.
In a further embodiment of the method of the present invention, the number of self-starts of the second application program may be counted, and a power saving suggestion may then be made from the counted number according to the following procedure:
Step one, obtaining the number of times the first application program has self-started the second application program;
Step two, obtaining the total number of self-starts of the second application program;
Step three, obtaining a proportional value from the number of times the first application program has self-started the second application program and the total number of self-starts of the second application program;
Step four, when an application program whose proportional value reaches or exceeds the set threshold requests self-starting, triggering an interception process.
Fig. 2 is a schematic structural diagram of an apparatus for application rights management according to an embodiment of the present invention.
As shown in fig. 2, the apparatus 20 in this embodiment may include a self-starting request receiving unit 202, a policy obtaining unit 204, and an interception processing unit 206, wherein:
a self-starting request receiving unit 202, configured to receive a self-starting request of a first application to a second application in a service manner;
a policy obtaining unit 204, configured to obtain an application authorization authority list;
an interception processing unit 206, configured to determine, according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request, whether to intercept the self-starting request of the first application program to the second application program in a service manner, and intercept the self-starting request of the first application program to the second application program in a service manner if the packet identifier of the first application program and the packet identifier of the second application program are consistent with an interception policy stored in the application program authorization permission list.
In this embodiment, since the application program that is useless to the user and/or does not help the start of another application program can be intercepted according to the packet identifier of the called first application program and the packet identifier of the second application program, the operation speed of the terminal can be increased, and the power can be saved for the terminal.
Further, in another embodiment of the apparatus of the present invention, the policy obtaining unit 204 is further configured to retrieve, from a local policy database, an interception policy corresponding to the packet identifier of the first application and the packet identifier of the second application, and store the obtained interception policy in the application authorization permission list.
Further, the policy obtaining unit 204 is further configured to send a request to a cloud server through a remote policy interface and obtain a fed-back interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program.
Further, in another embodiment of the apparatus of the present invention, the apparatus may further include:
an application program type judging unit, configured to judge whether the second application program is a system application program and, if so and if the self-starting frequency of the first application program to the second application program within the set time reaches or exceeds a set threshold value, not to intercept the self-starting request of the first application program to the second application program in a service manner.
Further, in still another embodiment of the apparatus of the present invention, the apparatus may further include:
a self-starting frequency judging unit, configured not to intercept the self-starting request of the first application program to the second application program in a service manner if the self-starting frequency of the first application program to the second application program within the set time reaches or exceeds a set threshold value.
Further, in still another embodiment of the apparatus of the present invention, the apparatus may further include:
an interaction unit, which is registered as a system service; the shell application program communicates with the interaction unit through the shell application program's built-in interaction interface, and human-computer interaction is carried out through pop-up windows on the user interface by means of the interaction unit.
Further, in still another embodiment of the apparatus of the present invention, the apparatus may further include:
a log recording unit, configured to record the self-starting request, the content provider identifier, the packet identifier of the first application program and the packet identifier of the second application program after a self-starting request of the first application program to the second application program in a content provider manner is received;
a log feedback unit, configured to feed back the recorded self-starting request, the content provider identifier, the packet identifier of the first application program and the packet identifier of the second application program to a user;
an interaction unit, configured to raise an alarm through a pop-up window on the user interface and to receive a user instruction in order to obtain a processing strategy.
In addition, the interception policy in the above embodiment may include, but is not limited to, determining whether to intercept based on the package identifier of the application and the security level set by the cloud server for each application.
Further, the security levels set by the cloud server for the application programs include black, gray and white levels, which correspond to prohibition, selection by a user and direct execution respectively.
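The check performed by units 202 to 206, the black/gray/white security levels and the start-ratio trigger can be modelled together as follows. This is an added illustration in Python, not code from the patent or from any Android implementation; the class and field names, the package names, the precedence of the three checks, the 0.8 threshold, the minimum sample size and the default of allowing unmatched requests are all assumptions.

```python
"""Illustrative model of a package-pair self-start check (not Android code)."""
from collections import Counter
from dataclasses import dataclass, field
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    INTERCEPT = "intercept"
    ASK_USER = "ask_user"


# Security levels named on the page: black = prohibit,
# gray = selection by the user, white = direct execution.
LEVEL_TO_DECISION = {
    "black": Decision.INTERCEPT,
    "gray": Decision.ASK_USER,
    "white": Decision.ALLOW,
}


@dataclass(frozen=True)
class SelfStartRequest:
    caller_pkg: str        # packet identifier of the first application program
    target_pkg: str        # packet identifier of the second application program
    mode: str = "service"  # the request is made "in a service manner"


@dataclass
class RightsManager:
    # Authorization permission list: (caller, target) pairs with an interception policy.
    intercept_pairs: set = field(default_factory=set)
    # Per-package security level, standing in for what a cloud server would return.
    levels: dict = field(default_factory=dict)
    ratio_threshold: float = 0.8   # assumed value for the "set threshold"
    min_total: int = 5             # assumption: skip the ratio test on tiny samples
    pair_starts: Counter = field(default_factory=Counter)    # (caller, target) -> n
    target_starts: Counter = field(default_factory=Counter)  # target -> n

    def ratio(self, caller_pkg, target_pkg):
        """Share of the target's self-starts that came from this caller."""
        total = self.target_starts[target_pkg]
        if total == 0:
            return 0.0
        return self.pair_starts[(caller_pkg, target_pkg)] / total

    def decide(self, req):
        """Decide from the current lists and history, without recording req."""
        # 1. Explicit pair policy in the authorization permission list.
        if (req.caller_pkg, req.target_pkg) in self.intercept_pairs:
            return Decision.INTERCEPT
        # 2. Security level of the target package (assumed precedence).
        by_level = LEVEL_TO_DECISION.get(self.levels.get(req.target_pkg))
        if by_level is not None:
            return by_level
        # 3. Ratio trigger for packages with no level on record.
        enough = self.target_starts[req.target_pkg] >= self.min_total
        if enough and self.ratio(req.caller_pkg, req.target_pkg) >= self.ratio_threshold:
            return Decision.INTERCEPT
        return Decision.ALLOW  # assumed default when nothing matches

    def handle(self, req):
        """Decide, then count the request so later ratios include it."""
        decision = self.decide(req)
        self.pair_starts[(req.caller_pkg, req.target_pkg)] += 1
        self.target_starts[req.target_pkg] += 1
        return decision


def demo():
    """Run constructed requests (all package names are made up) through the check."""
    mgr = RightsManager(
        intercept_pairs={("com.example.shop", "com.example.pay")},
        levels={"com.example.ads": "black", "com.example.map": "gray",
                "com.example.dialer": "white"},
    )
    out = []
    for caller, target in [
        ("com.example.shop", "com.example.pay"),
        ("com.example.news", "com.example.pay"),
        ("com.example.news", "com.example.ads"),
        ("com.example.news", "com.example.map"),
        ("com.example.news", "com.example.dialer"),
    ] + [("com.example.push", "com.example.video")] * 6 + [
        ("com.example.launcher", "com.example.video"),
    ]:
        out.append((caller, target, mgr.handle(SelfStartRequest(caller, target)).value))
    return out


if __name__ == "__main__":
    for row in demo():
        print(*row)
```

The sixth request from com.example.push is the first to be intercepted by the ratio test, because only then has the target accumulated the assumed minimum of five recorded self-starts.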
In yet another embodiment of the apparatus of the present invention, the apparatus may further comprise:
a response unit, configured to obtain information of a notification bar entry during the interception process, the information comprising a display view of the notification bar entry and an operation behavior response of the notification bar entry; to present the display view of the notification bar entry; and, if an operation behavior of the user on the notification bar entry is obtained, to respond to that operation behavior in a memory caching or database caching manner according to the click response behavior of the notification bar entry.
In yet another embodiment of the apparatus of the present invention, the apparatus may further comprise:
a power consumption counting unit, configured to obtain a program list of the application programs installed in the mobile terminal; to look up, for each application program in the program list, whether a power saving strategy for the application program is stored in a local power saving database; to count the power consumption information of each application program for which a power saving strategy exists and sort the application programs according to the power consumption information; and to trigger an interception process when an application program whose power consumption information exceeds a set power consumption level requests self-starting.
In yet another embodiment of the apparatus of the present invention, the apparatus may further comprise:
a starting frequency counting unit, configured to obtain the number of times the first application program has self-started the second application program, obtain the total number of self-starts of the second application program, obtain a proportional value from these two numbers, and trigger an interception process when an application program whose proportional value reaches or exceeds a set threshold value requests self-starting.
In a further embodiment of the device according to the invention, the first application program and the second application program are related application programs, or the first application program and the second application program are unrelated application programs.
It should be noted that the above-mentioned device for application program authority management can be separately arranged or arranged in the Activity component.
Fig. 3 is a schematic structural diagram of a mobile terminal according to an embodiment of the present invention.
As shown in fig. 3, the mobile terminal 30 in this embodiment may include a broadcast receiver component 302, a service component 304, and an application rights management device 306. The application rights management device 306 can be implemented as in the foregoing embodiments. The broadcast receiver component 302 and the service component 304 each exchange self-start information with the application rights management device 306.
Fig. 4 is a schematic structural diagram of a mobile terminal according to another embodiment of the present invention.
As shown in fig. 4, compared to the embodiment in fig. 3, the mobile terminal 40 in this embodiment may further include a content provider component 402. The content provider component 402 exchanges with the application rights management device 306 the self-start information initiated in the content provider manner.
Fig. 5 is a schematic structural diagram of a system for application rights management according to an embodiment of the present invention.
As shown in fig. 5, the system 50 in this embodiment may include a cloud server 502 and a mobile terminal 504, where the mobile terminal 504 may be implemented by the foregoing embodiments. The cloud server 502 stores security levels set for each application, which may include, but are not limited to, black, gray, and white levels, which correspond to prohibition, selection by a user, and direct execution, respectively.
Further, the cloud server 502 may also produce, store, and maintain a power-saving database.
In practical applications, when application programs within the same product family invoke one another needlessly, for example mutual invocation among Tencent products or among Ali products, the method of the present invention can be used to prohibit the self-starting of such useless application programs and so save the terminal's system resources. The invention can also block rogue wake-ups of some applications.
It should be noted that, in the present invention, the HOOK framework has been built as a service platform, and terminal configuration monitoring is performed by means of HOOK plug-ins, so loading depends only on the corresponding configuration files. Management is efficient and easy to implement: for simple function calls, a technician only needs to write configuration files to configure the HOOK plug-in, and HOOK re-entrancy and concurrency performance is high.
The shell application program is used first to set up monitoring of program behavior and then to load the target application program, which establishes monitoring of the target application program's event behavior, so that both Java functions and native functions can be hooked.
The method is suitable for both the Dalvik mode and the ART mode; functional performance does not differ between the two modes, a user does not need to write different code for the different modes, and development work is simplified (tested on a small scale on Android versions 4.4.2, 4.4.3 and 4.4.4).
The following data demonstrate the superiority of the examples of the present invention:
(1) In the development example, 107 mainstream applications (such as QQ, WeChat, microblog, mobile phone guard, payment apps, various group-purchase apps, video playback software and the like) underwent in-depth stability testing on 16 mobile phones and ran normally.
(2) Testing of the development example covered mobile phone Android operating system versions from 2.3 to 4.4.3. The models included Nexus 4/5 and 7, Samsung, Xiaomi, Huashi, Leoni, HTC and some Sazaizi mobile phones, and all of them performed excellently.
The method and system of the present invention may be implemented in a number of ways. For example, the methods and systems of the present invention may be implemented in software, hardware, firmware, or any combination of software, hardware, and firmware. The above-described order for the steps of the method is for illustrative purposes only, and the steps of the method of the present invention are not limited to the order specifically described above unless specifically indicated otherwise. Further, in some embodiments, the present invention may also be embodied as a program recorded in a recording medium, the program including machine-readable instructions for implementing a method according to the present invention. Thus, the present invention also covers a recording medium storing a program for executing the method according to the present invention.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to practitioners skilled in this art. The embodiment was chosen and described in order to best explain the principles of the invention and the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. A method for application rights management, comprising:
receiving a self-starting request of a first application program to a second application program in a service mode;
acquiring an application program authorization authority list;
judging whether to intercept the self-starting request of the first application program to the second application program in a service mode or not according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request, and if the packet identifier of the first application program and the packet identifier of the second application program are consistent with the interception policy stored in the application program authorization permission list, intercepting the self-starting request of the first application program to the second application program in the service mode.
2. The method for application rights management according to claim 1, wherein before obtaining the list of application authorized rights, further comprising:
and retrieving and obtaining an interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program from a local policy database, and storing the obtained interception policy in the application program authorization authority list.
3. The method for application rights management according to claim 2, wherein before storing the obtained interception policy in the application authorization rights list, further comprising:
and sending a request to a cloud server through a remote policy interface and obtaining a fed-back interception policy corresponding to the packet identifier of the first application program and the packet identifier of the second application program.
4. The method of application rights management of claim 1, further comprising:
and if the self-starting times of the first application program to the second application program within the set time reach or exceed a set threshold value, not intercepting the self-starting request of the first application program to the second application program in a service mode.
5. The method of application rights management of claim 1, further comprising:
obtaining information of a notification bar entry in an interception process, wherein the information of the notification bar entry comprises a display view of the notification bar entry and an operation behavior response of the notification bar entry;
presenting the display view of the notification bar entry;
and if an operation behavior of the user on the notification bar entry is obtained, responding to the operation behavior of the user on the notification bar entry in a memory caching or database caching manner according to the click response behavior of the notification bar entry.
6. The method for application rights management according to any of claims 1 to 5, wherein the method further comprises:
obtaining the self-starting times of the first application program to the second application program;
obtaining the total self-starting times of the second application program;
obtaining a proportional value according to the number of times the first application program has self-started the second application program and the total number of self-starts of the second application program;
and when the application program with the proportion value reaching or exceeding the set threshold value requests self-starting, triggering an interception process.
7. The method for application rights management according to any of claims 1 to 5, wherein the first application program and the second application program are related application programs; or the first application program and the second application program are unrelated application programs.
8. An apparatus for application rights management, comprising:
the self-starting request receiving unit is used for receiving a self-starting request of a first application program to a second application program in a service mode;
the policy acquisition unit is used for acquiring an application program authorization authority list;
and the interception processing unit is used for judging whether to intercept the self-starting request of the first application program to the second application program in a service mode according to the packet identifier of the first application program and the packet identifier of the second application program carried in the self-starting request, and if the packet identifier of the first application program and the packet identifier of the second application program are consistent with the interception policy stored in the application program authorization permission list, intercepting the self-starting request of the first application program to the second application program in the service mode.
9. A mobile terminal comprising a broadcast receiver component, a service component and means for application rights management as claimed in claim 8.
10. A system for managing application program rights, comprising a cloud server and the mobile terminal of claim 9.
CN201410843695.XA 2014-12-30 2014-12-30 Authority management method, device and system of application programs and mobile terminal Pending CN104462980A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410843695.XA CN104462980A (en) 2014-12-30 2014-12-30 Authority management method, device and system of application programs and mobile terminal

Publications (1)

Publication Number Publication Date
CN104462980A true CN104462980A (en) 2015-03-25

Family

ID=52909005

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410843695.XA Pending CN104462980A (en) 2014-12-30 2014-12-30 Authority management method, device and system of application programs and mobile terminal

Country Status (1)

Country Link
CN (1) CN104462980A (en)

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080134325A1 (en) * 2006-12-05 2008-06-05 Samsung Electronics Co., Ltd. Application program launching method and system for improving security of embedded linux kernel
CN103067911A (en) * 2012-12-17 2013-04-24 中国联合网络通信集团有限公司 Method and equipment used for controlling hardware module
CN103309740A (en) * 2013-06-05 2013-09-18 腾讯科技(深圳)有限公司 Program starting method, device and equipment
CN103927476A (en) * 2014-05-07 2014-07-16 上海联彤网络通讯技术有限公司 Intelligent system and method for achieving application program authority management

Cited By (74)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN104994481A (en) * 2015-07-10 2015-10-21 上海斐讯数据通信技术有限公司 Method and system for transceiving broadcast messages between application programs in Android system
CN104994481B (en) * 2015-07-10 2018-09-28 上海斐讯数据通信技术有限公司 The receiving/transmission method and system to broadcast the message between application program in a kind of android system
CN105159771A (en) * 2015-09-21 2015-12-16 北京奇虎科技有限公司 Method and apparatus for processing inter-application chain type start
CN105335243A (en) * 2015-11-30 2016-02-17 上海斐讯数据通信技术有限公司 Broadcast message operation method and system in Android system
CN105868622A (en) * 2015-12-09 2016-08-17 乐视致新电子科技(天津)有限公司 Method and device for controlling startup of application
CN105631331A (en) * 2015-12-24 2016-06-01 北京奇虎科技有限公司 Security protection method and apparatus
CN105653433A (en) * 2015-12-24 2016-06-08 广州市动景计算机科技有限公司 Application program tracing method and device
WO2017107762A1 (en) * 2015-12-24 2017-06-29 广州市动景计算机科技有限公司 Application tracing method and device
CN105740008B (en) * 2016-01-25 2020-02-07 努比亚技术有限公司 Device and method for forbidding chained start of application program
CN105740008A (en) * 2016-01-25 2016-07-06 努比亚技术有限公司 Apparatus and method for forbidding chained startup of applications
CN105550007A (en) * 2016-02-01 2016-05-04 广东欧珀移动通信有限公司 Control method and device for mobile terminal and mobile terminal
CN105550007B (en) * 2016-02-01 2019-02-05 Oppo广东移动通信有限公司 For the control method of mobile terminal, device and mobile terminal
CN105893128A (en) * 2016-03-30 2016-08-24 北京小米移动软件有限公司 Application program calling management method and device
CN106537344A (en) * 2016-03-30 2017-03-22 北京小米移动软件有限公司 A method and apparatus for managing application calls
CN105893128B (en) * 2016-03-30 2019-08-06 北京小米移动软件有限公司 A kind of method and apparatus of application call management
CN105893132B (en) * 2016-03-31 2020-07-24 联想(北京)有限公司 Control method and electronic equipment
CN105893132A (en) * 2016-03-31 2016-08-24 联想(北京)有限公司 Control method and electronic equipment
CN105912094A (en) * 2016-04-18 2016-08-31 深圳市万普拉斯科技有限公司 Switch off wake up method and device
CN106022101B (en) * 2016-05-17 2019-12-06 Oppo广东移动通信有限公司 application management method and terminal
CN106022101A (en) * 2016-05-17 2016-10-12 广东欧珀移动通信有限公司 Application management method and terminal
CN106022104A (en) * 2016-05-18 2016-10-12 广东欧珀移动通信有限公司 Method and device for stopping application of pushing platform from being started
CN106022103A (en) * 2016-05-18 2016-10-12 广东欧珀移动通信有限公司 Method and apparatus for preventing application from being started through pushing platform component
CN106022102A (en) * 2016-05-18 2016-10-12 广东欧珀移动通信有限公司 Method and apparatus for preventing third-party pushing platform from starting application in background
CN106055970A (en) * 2016-05-19 2016-10-26 努比亚技术有限公司 Device and method for application software correlated starting
CN106055393A (en) * 2016-05-20 2016-10-26 广东欧珀移动通信有限公司 Application start management method and mobile terminal
CN106227585B (en) * 2016-05-31 2020-02-14 北京金山安全软件有限公司 Application program starting method, device and equipment
CN106227585A (en) * 2016-05-31 2016-12-14 北京金山安全软件有限公司 Application program starting method, device and equipment
CN106126322A (en) * 2016-06-14 2016-11-16 深圳市万普拉斯科技有限公司 Method for controlling application starting and device
CN106126562A (en) * 2016-06-15 2016-11-16 广东欧珀移动通信有限公司 A kind of pop-up hold-up interception method and terminal
CN106203075A (en) * 2016-07-19 2016-12-07 北京珠穆朗玛移动通信有限公司 A kind of method and device preventing application program from waking up up mutually
CN106095520A (en) * 2016-08-01 2016-11-09 宇龙计算机通信科技(深圳)有限公司 A kind of limit the method and device that third-party application mutually starts
CN106155704A (en) * 2016-08-05 2016-11-23 硕诺科技(深圳)有限公司 A kind of method and system stoping application program mutually to wake up up
CN107766094A (en) * 2016-08-18 2018-03-06 阿里巴巴集团控股有限公司 Method, apparatus, the equipment mutually started between control application program
CN106372493A (en) * 2016-08-30 2017-02-01 广州视源电子科技股份有限公司 Unlocking method and device
CN106529270A (en) * 2016-09-22 2017-03-22 南京酷派软件技术有限公司 Application program authorization method and device
CN106502645A (en) * 2016-09-23 2017-03-15 宇龙计算机通信科技(深圳)有限公司 From the method to set up, setting device and the terminal that wake up authority
US11816200B2 (en) * 2016-10-14 2023-11-14 Jrd Communication (Shenzhen) Ltd Terminal and method for managing launch of an application of a terminal
CN106569848A (en) * 2016-10-14 2017-04-19 惠州Tcl移动通信有限公司 Terminal and starting management method for application program thereof
US20190156017A1 (en) * 2016-10-14 2019-05-23 Jrd Communication (Shenzhen) Ltd Terminal and method for managing launch of an application of a terminal
WO2018072193A1 (en) * 2016-10-21 2018-04-26 北京小米移动软件有限公司 Method and device for controlling application to start automatically
CN106537288A (en) * 2016-10-21 2017-03-22 北京小米移动软件有限公司 Application autostart control method and device
CN106537288B (en) * 2016-10-21 2018-06-12 北京小米移动软件有限公司 The method and device of self-starting is applied in control
CN106775986B (en) * 2016-12-26 2020-09-01 努比亚技术有限公司 Process management method and electronic equipment
CN106775986A (en) * 2016-12-26 2017-05-31 努比亚技术有限公司 A kind of process management method and electronic equipment
CN108259429B (en) * 2016-12-29 2021-01-29 航天信息股份有限公司 Method and system for controlling software distribution
CN108259429A (en) * 2016-12-29 2018-07-06 航天信息股份有限公司 A kind of method and system controlled for software distribution
CN106843937A (en) * 2016-12-29 2017-06-13 北京奇虎科技有限公司 A kind of tune for notifying corresponding A pp plays method and device
CN106874713A (en) * 2017-01-09 2017-06-20 广东小天才科技有限公司 Application program operation authority management method and device and user equipment
CN107038369A (en) * 2017-03-21 2017-08-11 深圳市金立通信设备有限公司 The method and terminal of a kind of resources accessing control
CN107038358B (en) * 2017-04-20 2020-12-25 北京安云世纪科技有限公司 Self-starting processing method and device and mobile terminal
CN107038358A (en) * 2017-04-20 2017-08-11 北京奇虎科技有限公司 A kind of self-starting treating method and apparatus and mobile terminal
CN107370740A (en) * 2017-07-28 2017-11-21 北京五八信息技术有限公司 Redirect hold-up interception method and device
CN107370740B (en) * 2017-07-28 2020-08-11 北京五八信息技术有限公司 Jump interception method and device
CN107679373B (en) * 2017-10-09 2019-09-10 武汉斗鱼网络科技有限公司 Method for acquiring authorized information, device and electronic equipment
CN107679373A (en) * 2017-10-09 2018-02-09 武汉斗鱼网络科技有限公司 Method for acquiring authorized information, device and electronic equipment
WO2019071927A1 (en) * 2017-10-09 2019-04-18 武汉斗鱼网络科技有限公司 Authorization information obtaining method and apparatus, electronic device, and readable storage medium
CN107944258A (en) * 2017-11-21 2018-04-20 广东欧珀移动通信有限公司 Start control method, device, storage medium and the terminal of application with method of service
CN107944257A (en) * 2017-11-21 2018-04-20 广东欧珀移动通信有限公司 Start control method, device, storage medium and the terminal of application with method of service
CN110737476A (en) * 2018-07-18 2020-01-31 华为技术有限公司 terminal restarting method and device
CN110865848A (en) * 2018-08-21 2020-03-06 深圳市优必选科技有限公司 Component interception method and terminal equipment
CN110865848B (en) * 2018-08-21 2024-03-29 深圳市优必选科技有限公司 Component interception method and terminal equipment
CN109167882A (en) * 2018-09-27 2019-01-08 努比亚技术有限公司 A kind of association starting control method, terminal and computer readable storage medium
CN109543407B (en) * 2018-10-19 2024-04-05 三六零科技集团有限公司 Activity hijacking interception method and device
CN109543407A (en) * 2018-10-19 2019-03-29 北京奇虎科技有限公司 A kind of hold-up interception method and device that Activity is kidnapped
CN111159735A (en) * 2019-12-24 2020-05-15 珠海荣邦智能科技有限公司 Data access method and device for application program
CN111506301A (en) * 2020-04-24 2020-08-07 同盾(广州)科技有限公司 Method for bypassing system restriction reflection call and related equipment
CN111506301B (en) * 2020-04-24 2022-11-11 同盾(广州)科技有限公司 Method for bypassing system restriction reflection call and related equipment
CN111582922A (en) * 2020-04-27 2020-08-25 支付宝(杭州)信息技术有限公司 Method and device for detecting cheating behaviors and electronic equipment
CN111523136B (en) * 2020-07-06 2023-09-22 腾讯科技(深圳)有限公司 Authority management method, device, equipment and storage medium of application program
CN111523136A (en) * 2020-07-06 2020-08-11 腾讯科技(深圳)有限公司 Authority management method, device and equipment of application program and storage medium
CN111897600A (en) * 2020-07-31 2020-11-06 惠州Tcl移动通信有限公司 Method, device, mobile terminal and system for reducing application memory occupation
CN115344860B (en) * 2022-07-28 2023-10-10 荣耀终端有限公司 Method for managing application program and electronic equipment
CN115344860A (en) * 2022-07-28 2022-11-15 荣耀终端有限公司 Method for managing application program and electronic equipment
CN116107911A (en) * 2023-03-29 2023-05-12 杭州海康威视数字技术股份有限公司 Privacy compliance automatic auditing method, device and system based on event replay

Similar Documents

Publication Publication Date Title
CN104462978B (en) A kind of method and apparatus of application program rights management
CN104462980A (en) Authority management method, device and system of application programs and mobile terminal
US11687653B2 (en) Methods and apparatus for identifying and removing malicious applications
US9208328B2 (en) Security system and method for operating systems
AU2014330136B2 (en) Complex scoring for malware detection
Zheng et al. DroidTrace: A ptrace based Android dynamic analysis system with forward execution capability
CN104391743B (en) Optimize the method and apparatus of the speed of service of mobile terminal
US20150332043A1 (en) Application analysis system for electronic devices
CN104392176A (en) Mobile terminal and method for intercepting device manager authority thereof
Egners et al. Messing with Android's permission model
US10176327B2 (en) Method and device for preventing application in an operating system from being uninstalled
SG182486A1 (en) Method, system and server for collecting version of software
US8701195B2 (en) Method for antivirus in a mobile device by using a mobile storage and a system thereof
CN111782416A (en) Data reporting method, device, system, terminal and computer readable storage medium
CN102508768B (en) Monitoring method and monitoring device
JP6030566B2 (en) Unauthorized application detection system and method
CN104850779A (en) Safe application program installing method and safe application program installing device
US10298586B2 (en) Using a file whitelist
JP3904534B2 (en) Terminal status monitoring system and method
US20050120237A1 (en) Control of processes in a processing system
Zhou et al. Demystifying diehard android apps
CN106302531B (en) Safety protection method and device and terminal equipment
CN111125688B (en) Process control method and device, electronic equipment and storage medium
US20130263269A1 (en) Controlling Anti-Virus Software Updates
CN105791221B (en) Rule issuing method and device

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20150325
