[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN114611132A - Privacy compliance detection method and privacy compliance detection device for mobile application software - Google Patents

Privacy compliance detection method and privacy compliance detection device for mobile application software Download PDF

Info

Publication number
CN114611132A
CN114611132A CN202011441774.XA CN202011441774A CN114611132A CN 114611132 A CN114611132 A CN 114611132A CN 202011441774 A CN202011441774 A CN 202011441774A CN 114611132 A CN114611132 A CN 114611132A
Authority
CN
China
Prior art keywords
privacy
application software
mobile application
protocol policy
text
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202011441774.XA
Other languages
Chinese (zh)
Inventor
吕石奎
齐向东
吴云坤
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Original Assignee
Qax Technology Group Inc
Secworld Information Technology Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Qax Technology Group Inc, Secworld Information Technology Beijing Co Ltd filed Critical Qax Technology Group Inc
Priority to CN202011441774.XA priority Critical patent/CN114611132A/en
Publication of CN114611132A publication Critical patent/CN114611132A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/205Parsing
    • G06F40/216Parsing using statistical methods
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/20Natural language analysis
    • G06F40/279Recognition of textual entities
    • G06F40/289Phrasal analysis, e.g. finite state techniques or chunking
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F40/00Handling natural language data
    • G06F40/30Semantic analysis

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • General Health & Medical Sciences (AREA)
  • Health & Medical Sciences (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • Computational Linguistics (AREA)
  • Audiology, Speech & Language Pathology (AREA)
  • Artificial Intelligence (AREA)
  • Bioethics (AREA)
  • Medical Informatics (AREA)
  • Software Systems (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Databases & Information Systems (AREA)
  • Probability & Statistics with Applications (AREA)
  • Telephone Function (AREA)

Abstract

The invention provides a privacy compliance detection method, a privacy compliance detection device, computer equipment and a readable storage medium of mobile application software, wherein the method comprises the following steps: responding to a privacy compliance detection command, and acquiring mobile application software to be detected; running the mobile application software based on a sandbox technology, and collecting privacy information collection and use behaviors generated in the running process of the mobile application software; detecting the private information collection and use behaviors, and determining whether the private information collection and use behaviors are in compliance; acquiring a privacy protocol policy text in the mobile application software, and identifying semantic content in the privacy protocol policy text; and detecting the semantic content to determine whether the privacy protocol policy text is in compliance. The method and the device can timely and comprehensively find the safety and compliance hidden dangers related to privacy in the mobile application software, thereby ensuring the compliance of the user in the application software using process.

Description

Privacy compliance detection method and privacy compliance detection device for mobile application software
Technical Field
The invention relates to the technical field of network security, in particular to a privacy compliance detection method and a privacy compliance detection device for mobile application software.
Background
Along with the popularization and promotion of the intelligent mobile terminal, the mobile application software also enters a rapid development stage, and more application software is used by users in the intelligent mobile terminal. The mobile application software is more or less related to user privacy during the use process, for example, album information, address book information and the like of the intelligent mobile terminal are read, and if the information is acquired by illegal software vendors, serious loss may be caused to the user.
The existing mobile application software privacy compliance detection is mostly carried out by a vulnerability testing method. The detection method has the defects of incomplete detection range and easy occurrence of false negative or false positive, and a large amount of resources need to be consumed in the detection process, so the detection efficiency is low.
Disclosure of Invention
The invention aims to provide a technical scheme capable of comprehensively and quickly detecting privacy related behaviors in mobile application software so as to solve the problems in the prior art.
In order to achieve the above object, the present invention provides a privacy compliance detection method for mobile application software, comprising the following steps:
responding to a privacy compliance detection command, and acquiring mobile application software to be detected;
running the mobile application software based on a sandbox technology, and collecting privacy information collection use behaviors generated in the running process of the mobile application software;
detecting the private information collection use behavior, and determining whether the private information collection use behavior is in compliance;
acquiring a privacy protocol policy text in the mobile application software, and identifying semantic content in the privacy protocol policy text;
and detecting the semantic content to determine whether the privacy protocol policy text is in compliance.
According to the privacy compliance detection method provided by the invention, the step of running the mobile application software based on the sandbox technology and collecting the privacy information collection use behavior generated in the running process of the mobile application software comprises the following steps:
building a base layer, a data layer, a service layer and a result layer in the sandbox; the base layer is used for recording operation behavior logs of applications, providing a filter aiming at the logs, automatically triggering specific operation behaviors and determining the incidence relation among the operation behaviors; the data layer is used for storing the log and providing a corresponding filtering and extracting interface; the business layer is used for carrying out business analysis on the operation behaviors of the application, and comprises the steps of establishing behavior description, analyzing the relevance of the log and judging the risk level according to the sensitivity degree of the operation behaviors; the result layer is used for outputting the analysis result of the service layer in a specific format;
running the mobile application software in the built sandbox;
and sequentially triggering the mobile application software to execute corresponding operations based on a preset triggering flow so as to acquire the dynamic privacy information collection and use behaviors of the mobile application software.
According to the privacy compliance detection method provided by the invention, the dynamic privacy information collection use behavior is obtained through a log file corresponding to a HOOK breakpoint, and the log file comprises at least one of the following:
the file operation records comprise one or more of the operation records of adding, deleting, modifying and checking the memory card files, the private directory files or the temporary directory files;
the interface file comprises an operation interface snapshot file in a specific application scene;
personal sensitive data acquisition records, including acquisition records of address list or geographical location information;
and the network behavior record comprises the address of the connected server or the uploaded personal information content.
According to the privacy compliance detection method provided by the invention, the step of detecting the privacy information collection use behavior and determining whether the privacy information is in compliance comprises any one or more of the following steps:
detecting personal information items acquired, stored and transmitted by the mobile application software through a system API and a user input mode in the running process;
identifying the third-party SDK through the code characteristic, the embedded file characteristic, the network characteristic and the configuration information characteristic;
identifying whether the personal information acquisition, storage and transmission behaviors belong to the self behaviors of the mobile application software or the third-party SDK behaviors;
filtering a server list accessed by the mobile application software in the running process, and detecting the data outbound condition;
and detecting whether the mobile application software application permission behaviors meet the standard or not in a mode of enumerating all calling APIs.
According to the privacy compliance detection method provided by the invention, the steps of acquiring the privacy protocol policy text in the mobile application software and identifying semantic content in the privacy protocol policy text comprise:
performing word segmentation processing, part of speech tagging and semantic tagging on the privacy protocol policy text respectively; the word segmentation processing is used for dividing a text sentence in the privacy protocol policy text into a plurality of words, the part-of-speech tagging is used for respectively tagging forward parts of speech or reverse parts of speech to the divided words, and the semantic tagging is used for tagging text meanings of the text sentence after the part-of-speech tagging;
dividing the privacy protocol text into a plurality of paragraphs according to the semantic annotation result;
and performing data filtering on each paragraph to form a data set, inputting the characteristics of the data set into an LDA model, extracting a subject field corresponding to each paragraph, and performing semantic content analysis.
According to the privacy compliance detection method provided by the invention, the step of detecting the semantic content and determining whether the privacy protocol policy text is compliant comprises any one or more of the following steps:
carrying out integrity detection on the privacy protocol policy text according to the semantic content, and determining whether the privacy protocol policy text contains necessary content;
detecting personal information items which are declared to be acquired in the privacy protocol policy text according to the semantic content, and determining whether the personal information items to be acquired contain personal information which is forbidden to be acquired by law and personal information which is collected and used in an out-of-range mode;
detecting personal authority information declared in the privacy protocol policy according to the semantic content, and determining whether the authority information contains the authority of excessive application;
words that are not described in the privacy protocol policy are detected according to the semantic content.
According to the privacy compliance detection method provided by the invention, the method further comprises one or more of the following steps:
the privacy information collection and use behavior is subjected to authenticity detection according to the privacy protocol policy text, and whether the collection and use personal information behavior described in the privacy protocol policy text is consistent with the actual collection and use personal information behavior of the mobile application is determined;
detecting the private information collection and use behaviors of the third-party SDK according to the private protocol text, and determining whether the private information collection and use behaviors of the third-party SDK described in the private protocol policy text are consistent with the behaviors of the third-party SDK for actually collecting and using the personal information;
and for the detection of the data outbound condition, filtering the server list accessed in the application running process to detect whether the data outbound condition is in compliance.
The privacy compliance detection method provided by the invention is characterized by further comprising the following steps:
acquiring national standard and regulation files related to information safety;
and analyzing the national standard and regulation files, and determining the detection items of the private information collection using behaviors or the detection items of the privacy protocol policy text according to the analysis result.
In order to achieve the above object, the present invention further provides a privacy compliance detection apparatus for mobile application software, including:
the application acquisition module is suitable for responding to a privacy compliance detection command and acquiring the mobile application software to be detected;
the privacy information monitoring module is suitable for running the mobile application software based on a sandbox technology and collecting privacy information collection and use behaviors generated in the running process of the mobile application software;
the behavior detection module is suitable for detecting the private information collection and use behavior and determining whether the private information collection and use behavior is in compliance;
the privacy protocol policy module is suitable for acquiring a privacy protocol policy text in the mobile application software and identifying semantic content in the privacy protocol policy text;
and the protocol detection module is suitable for detecting the semantic content and determining whether the privacy protocol policy text is in compliance.
To achieve the above object, the present invention further provides a computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the above method when executing the computer program.
To achieve the above object, the present invention also provides a computer-readable storage medium having stored thereon a computer program which, when executed by a processor, performs the steps of the above method.
The privacy compliance detection method, the privacy compliance detection device, the computer equipment and the computer readable storage medium of the mobile application software can comprehensively and completely detect the privacy information collection and use behaviors of the mobile application software in the running process under the condition that the normal use of the mobile application software is not influenced; meanwhile, the private agreement policy text carried by the mobile application software can be detected, so that the non-compliant items in the private information collection and use behaviors and the non-compliant items in the private agreement policy text and the items of the private information collection and use behaviors and the private agreement policy text which are inconsistent are found. The method and the device can timely and comprehensively find the potential safety hazards related to privacy in the mobile application software, thereby ensuring the safety of users in the process of using the mobile application software.
Drawings
FIG. 1 is a flowchart of a first embodiment of a privacy compliance detection method of the present invention;
FIG. 2 is a diagram of a sandbox according to an embodiment of the present invention;
fig. 3 is a flowchart illustrating an analysis process performed on a privacy protocol policy text based on an LDA model according to an embodiment of the present invention;
FIG. 4 is a schematic flow chart illustrating detection of a privacy protocol policy text according to an embodiment of the present invention;
FIG. 5 is a block diagram of a first embodiment of a privacy compliance detection apparatus according to the present invention;
fig. 6 is a hardware configuration diagram of a first embodiment of the privacy compliance detection apparatus according to the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, the present invention is described in further detail below with reference to the accompanying drawings and embodiments. It should be understood that the specific embodiments described herein are merely illustrative of the invention and are not intended to limit the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The privacy compliance detection method, the privacy compliance detection device, the computer equipment and the computer readable storage medium of the mobile application software can comprehensively and completely detect the privacy information collection and use behaviors of the mobile application software in the running process under the condition that the normal use of the mobile application software is not influenced; meanwhile, the private protocol policy text carried by the mobile application software can be detected, so that non-compliant items in the private information collection and use behaviors and non-compliant items in the private protocol policy text and items with inconsistent private information collection and use behaviors and the private protocol policy text can be found. The method and the device can timely and comprehensively find the potential safety hazards related to privacy in the mobile application software, thereby ensuring the safety of users in the process of using the mobile application software.
Example one
Referring to fig. 1, the present embodiment provides a method for detecting privacy compliance of mobile application software, including the following steps:
and S100, responding to the privacy compliance detection command, and acquiring the mobile application software to be detected.
In this embodiment, the privacy compliance detection process is started based on a privacy compliance detection command issued by a user, and an object of the privacy compliance detection may be application software on the mobile terminal. For example, the user may issue a privacy compliance detection command through the detection system of the embodiment, so as to detect an application software installed in the mobile terminal. The application software to be detected can be selected according to different types, such as map navigation, network car booking, community social contact, network payment, news information, network shopping and the like.
The detection system of the embodiment can be arranged in any independent computer terminal, and the mobile terminal can be directly connected with the computer terminal through a USB interface or connected with the computer terminal in a two-dimensional code scanning mode. After determining the application software to be detected, the present embodiment uploads the installation program of the application software to be detected to the server terminal, so as to perform the subsequent detection process.
And S200, running the mobile application software based on a sandbox technology, and collecting privacy information collection and use behaviors generated in the running process of the mobile application software.
The sandbox provides a runtime environment for the application software to be tested by adopting the deep custom ROM, and identifies behaviors of application triggering and third-party SDK triggering, such as privacy information collection, use, storage, transmission and the like in the application running process. Specifically, the sandbox in this embodiment includes a real machine sandbox and a simulator sandbox, where the simulator sandbox is constructed based on a virtual machine and is used to detect various automatic detection items in the application software process. The real-machine sandbox is an isolation environment established in a real mobile terminal, is provided with hardware devices such as a camera, a loudspeaker and a microphone, and can truly simulate specific application scenes such as starting the camera and starting the microphone. Through combining together simulator sandbox and real quick-witted sandbox, can improve the degree of automation of testing process to guarantee the integrality and the authenticity that detect.
In the step, the obtained application software to be detected is installed in a real machine sandbox and a virtual machine sandbox, and the application software is sequentially triggered to execute corresponding operations based on a preset triggering process, so that dynamic privacy information collection and use behaviors of the application software are obtained. For example, when the application software is started for the first time, the software interface firstly confirms whether a privacy policy popup exists, whether privacy policy connection is valid or not and whether personal information of the test terminal is collected or not; after triggering the instruction of agreeing with the privacy policy protocol, whether the camera is allowed to be started, whether the address book is allowed to be read and the like are detected. In the process, detection sequentially carries out behavior confirmation on personal information acquired, stored and uploaded by application software. For example, according to relevant policy provisions, the application software is not allowed to collect any personal information until the user agrees to the privacy policy agreement. If the present embodiment detects the act of the application software collecting usage of the personal privacy information prior to receiving the instruction to agree to the privacy policy agreement, then the privacy information collecting usage act is non-compliant.
The embodiment detects the behavior of the application software for dynamically collecting and using the personal privacy information on the basis of triggering the application software to execute the related operation. Specifically, the privacy behavior of the application software dynamic information collection is obtained through log files corresponding to the HOOK breakpoints, that is, a plurality of HOOK breakpoints are set at each stage of the trigger program to collect corresponding logs, whether the application software has the privacy information collection use behavior or not is analyzed through log information, and whether the current privacy information collection use behavior is in compliance or not is judged according to a preset rule.
The log file in this embodiment includes, but is not limited to, the following:
the file operation records comprise the operation records of adding, deleting, modifying and checking the memory card files, the private directory files and the temporary directory files; the interface file comprises an operation interface snapshot file in a specific application scene; personal sensitive data acquisition records, including acquisition records of address list and geographical location information; and the network behavior record comprises the address of the connected server and the uploaded personal information content.
S300, detecting the private information collection using behavior, and determining whether the private information collection using behavior is in compliance.
The rules according to which the privacy information collection and use behaviors are detected are realized by reading national relevant standards and industry internal standards, and the requirements related to APP compliance in official release specifications such as "personal information behavior identification method for App illegal collection and use", "personal information self-evaluation guide for APP illegal collection and use", "GB/T35273-2020 personal information safety specification for information technology", TC260-PG-20191A "network security practice guide-Mobile Internet application basic service function essential information specification" V1.0-201906 are covered, so that the comprehensive detection is performed on the application, the coverage of detection items is ensured to be comprehensive, and the detection result is accurate.
For each item in the above specification file, the present embodiment is provided with a corresponding detection step. For example, the specification file specifies that even if the user prohibits the application from obtaining the rights to use the IMSI information, the application still needs to be able to operate normally. According to the specification, the embodiment can set the authority for disabling the related personal information and detect whether the application software operates normally in the scene. If the application software cannot normally run when the permission is forbidden, the application software is not in compliance on the permission forbidden item.
In short, in this embodiment, for each standard specified in each type of specification file, a corresponding detection item is set, and the privacy information collection use behavior in the scene is detected by triggering the corresponding application scene, so that the non-compliant items existing in the privacy information collection use behavior are discovered in time.
The content of detecting the private information collection usage behavior in this embodiment includes, but is not limited to, the following items:
detecting personal information items acquired, stored and transmitted by the application software through a system API and a user input mode in the running process; identifying the third-party SDK through the code characteristic, the embedded file characteristic, the network characteristic and the configuration information characteristic; identifying whether the personal information acquisition, storage and transmission behaviors belong to the own behaviors of the application software or the third-party SDK behaviors; filtering a server list accessed by the application software in the running process, and detecting the data exit condition; and detecting whether the application software application permission behaviors meet the standard or not in a mode of enumerating all calling APIs.
As described above, in this embodiment, the running and detection of the application software are implemented based on the sandbox, so that an undisturbed isolation environment can be created, and the running process in the sandbox does not affect the normal use of the application software in the mobile terminal. Fig. 2 shows a sandbox structure applied in the first embodiment of the present invention. As shown in fig. 2, the sandbox applied in this embodiment mainly includes a base layer, a data layer, a service layer, and a result layer:
the basic layer integrates a Hook frame through customized development of the kernel, can add breakpoint records to a system key API, and records an operation log in the application execution process. While providing filters for log levels. And an automatic clicking module is added to realize automatic triggering of specific operation, and the association relation between execution behaviors is discovered by using a taint propagation analysis technology.
The data layer is used for storing all operation records and related parameters during sample execution and providing a filtering and extracting interface for the data.
The business layer provides business support for analyzing the sample execution data, including establishing behavior description, performing correlation analysis on the log, and determining the risk level of the sensitivity of the actual operation.
The result layer outputs the final result in a specific format, and the result contains the description of behavior outline, danger degree and the like during the execution of the sample.
Through the structure, the embodiment can acquire the privacy information collection use behavior of the application software in the running process in real time and output the detection result of whether the privacy information collection use behavior is in compliance or not.
S400, acquiring a privacy protocol policy text in the mobile application software, and identifying semantic content in the privacy protocol policy text.
It will be appreciated that each application, when first used, provides a privacy protocol policy to the user for declaring the use rules of the application for the user's private information during operation. In addition to detecting the privacy information collection use behavior of the application software, the embodiment may also perform compliance detection on the privacy protocol policy to determine whether the content contained in the text of the privacy protocol policy is compliant.
In an example, the embodiment analyzes and processes the privacy protocol policy text based on the LDA model, and a specific processing flow is shown in fig. 3, where the specific processing flow includes:
and S410, performing word segmentation processing, part-of-speech tagging and semantic tagging on the privacy protocol policy text respectively.
And through a privacy policy word bank, word segmentation is carried out on the policy text by using a word segmentation technology, and a word segmentation result contains meaningless stop word information. And performing stop word removal processing on the text after word segmentation to extract effective word segmentation results. And then performing word frequency statistics and part-of-speech tagging on the word segmentation result, identifying the forward part-of-speech and the reverse part-of-speech in the word segmentation result, and then performing semantic tagging on the text.
And S420, dividing the privacy protocol text into a plurality of paragraphs according to the semantic annotation result.
And S430, performing data filtering on each paragraph to form a data set, inputting the characteristics of the data set into an LDA model, extracting a subject field corresponding to each paragraph, and performing semantic analysis.
And performing data filtering on the segmentation result to form a data set, inputting the characteristics of the data set extracted from each paragraph into an LDA bag-of-words model, designating the total number of topics, establishing an LDA topic, extracting a paragraph description topic according to the conformity weight coefficient of the LDA topic, and determining a topic field.
Through the above steps, the present embodiment can determine each item of content specified by the privacy protocol policy.
And S500, detecting the semantic content, and determining whether the privacy protocol policy text is in compliance.
Fig. 4 shows a schematic flow chart of the detection of the privacy protocol policy text by the present embodiment. As shown in fig. 4, step S500 includes:
and S510, carrying out integrity detection on the privacy protocol policy text according to the semantic content, and determining whether the privacy protocol policy text contains necessary content. For example, whether the privacy agreement policy includes items that the legal regulations of the privacy data use expiration disposal clause, the minor privacy protection clause, the public transferor box, the operator information and the like must include is detected.
S520, detecting personal information items declared to be acquired in the privacy protocol policy text according to the semantic content, and determining whether the personal information items to be acquired contain information prohibited to be acquired by law and information collected beyond the range. The out-of-range information includes user personal information unrelated to normal operation of the mobile application software, including information such as a user's bank account number, home address, telephone number, and the like. For example, a word-backed application that frequently obtains geographic location information may be part of the over-range collection.
S530, detecting authority information declared in the privacy protocol policy according to the semantic content, and determining whether the authority information contains an excessive application authority, wherein the excessive application authority refers to an information acquisition authority which is irrelevant to the normal operation of the mobile application software and comprises an authority for acquiring documents stored in a mobile phone, an authority for acquiring photos, an authority for acquiring user identity numbers and the like. For example, if a certain word software acquires information such as an identification number and a bank card number of a user, there may be a case of applying an excessive right.
S540, words which are not described clearly in the privacy protocol policy, such as words which are described clearly and are easy to misunderstand, are detected according to the semantic content, wherein the words at least comprise words which are described clearly and are easy to misunderstand, and the words comprise words which are not limited to words.
Through the steps, the embodiment can comprehensively and completely detect the privacy agreement policy contained in the application software, and avoids the loss of the user caused by the unfavorable terms contained in the privacy agreement policy.
In addition to the above-described individual detection of the privacy information collection usage behavior of the application software during the operation in step S300 and the individual detection of the privacy protocol policy text in step S500, the present embodiment also detects the privacy information collection usage behavior in combination with the specification of the privacy protocol policy to determine whether the content specified in the privacy protocol policy is consistent with the actual privacy information collection usage behavior. The method specifically comprises the following steps:
s600, according to the privacy protocol policy text, authenticity detection is carried out on the privacy information collection and use behaviors, and whether the personal privacy information describing collection and use in the privacy protocol policy text conforms to the personal privacy information actually collected and used in the privacy information collection and use behaviors is determined.
For example, the privacy agreement policy text specifies that only geographical location information is collected, but the authenticity detection is not compliant if the geographical location information, address book information, and memory card information are actually collected in the privacy information collection use behavior.
S700, detecting the private information collection and use behavior of the third-party SDK according to the private protocol text, and determining whether the behavior of the third-party SDK for collecting and using the private information described in the private protocol policy text conforms to the actual collection and use behavior of the third-party SDK in the mobile application.
For example, the third-party SDK is specified in the privacy protocol policy text to only allow collection of camera information, but the third-party SDK also collects email information in actual privacy information collection and use behavior, and the third-party SDK collection and use personal information detection is not compliant.
In addition, the privacy detection method of the embodiment further includes detecting the data outbound situation, and filtering the server list accessed in the application running process to detect whether the data outbound situation is compliant, so as to avoid that data information which needs to be kept secret at home is illegally acquired abroad.
Note that, the items of detection of the private information collection and use behavior and the items of detection of the privacy protocol policy text according to the present embodiment are set according to the national standards and the documents of the regulations related to the information security. According to the embodiment, the newly released national standard and regulation file can be obtained in real time and analyzed, and the corresponding detection items are dynamically adjusted, added or deleted according to the analysis content, so that the privacy compliance detection method can keep pace with the current time, and the unification of the technical level and the standard level is really realized.
In summary, the privacy compliance detection method for application software provided in this embodiment can comprehensively and completely detect the behavior of actually collecting and using the privacy information of the application software and the behavior of using the personal privacy information of the application collection described by the privacy protocol policy, and timely find the content of the application software that is inconsistent with the legal provision or the privacy protocol policy of the application software, so as to prevent malicious software from stealing the user information, thereby improving the security of the mobile terminal.
Continuing to refer to fig. 5, a privacy compliance detection apparatus for mobile application software is shown, in this embodiment, the privacy compliance detection apparatus 50 may include or be divided into one or more program modules, and the one or more program modules may be stored in a storage medium and executed by one or more processors to implement the present invention and implement the privacy compliance detection method. The program module referred to in the present invention refers to a series of computer program instruction segments capable of performing specific functions, and is more suitable than the program itself for describing the execution process of the privacy compliance detection apparatus 50 in the storage medium. The following description will specifically describe the functions of the program modules of the present embodiment:
an application obtaining module 51, adapted to respond to the privacy compliance detection command, and obtain the mobile application software to be detected;
the private information collection and use behavior module 52 is adapted to run the mobile application software based on a sandbox technology, and collect the private information collection and use behavior generated in the running process of the mobile application software;
a behavior detection module 53, adapted to detect the private information collection usage behavior, and determine an non-compliant item in the private information collection usage behavior;
a privacy information monitoring module 54, adapted to obtain a privacy protocol policy text in the mobile application software, and identify semantic content in the privacy protocol policy text;
and the protocol detection module 55 is adapted to detect the semantic content and determine an noncompliant item in the privacy protocol policy text.
The embodiment also provides a computer device, such as a smart phone, a tablet computer, a notebook computer, a desktop computer, a rack server, a blade server, a tower server or a rack server (including an independent server or a server cluster composed of a plurality of servers) capable of executing programs, and the like. The computer device 60 of the present embodiment includes at least, but is not limited to: a memory 61, a processor 62, which may be communicatively coupled to each other via a system bus, as shown in FIG. 6. It is noted that fig. 6 only shows a computer device 60 with components 61-62, but it is to be understood that not all shown components are required to be implemented, and that more or fewer components may be implemented instead.
In the present embodiment, the memory 61 (i.e., a readable storage medium) includes a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, and the like. In some embodiments, the storage 61 may be an internal storage unit of the computer device 60, such as a hard disk or a memory of the computer device 60. In other embodiments, the memory 61 may also be an external storage device of the computer device 60, such as a plug-in hard disk, a Smart Media Card (SMC), a Secure Digital (SD) Card, a Flash memory Card (Flash Card), or the like, provided on the computer device 60. Of course, the memory 61 may also include both internal and external storage devices of the computer device 60. In this embodiment, the memory 61 is generally used for storing an operating system and various application software installed in the computer device 60, such as the program code of the privacy compliance detection apparatus 50 in the first embodiment. Further, the memory 61 may also be used to temporarily store various types of data that have been output or are to be output.
Processor 62 may be a Central Processing Unit (CPU), controller, microcontroller, microprocessor, or other data Processing chip in some embodiments. The processor 62 is typically used to control the overall operation of the computer device 60. In this embodiment, the processor 62 is configured to execute the program code stored in the memory 61 or process data, for example, execute the privacy compliance detection apparatus 50, so as to implement the privacy compliance detection method according to the first embodiment.
The present embodiment also provides a computer-readable storage medium, such as a flash memory, a hard disk, a multimedia card, a card-type memory (e.g., SD or DX memory, etc.), a Random Access Memory (RAM), a Static Random Access Memory (SRAM), a read-only memory (ROM), an electrically erasable programmable read-only memory (EEPROM), a programmable read-only memory (PROM), a magnetic memory, a magnetic disk, an optical disk, a server, an App application mall, etc., on which a computer program is stored, which when executed by a processor implements corresponding functions. The computer-readable storage medium of this embodiment is used to store the privacy compliance detection apparatus 50, and when executed by the processor, the privacy compliance detection method of the first embodiment is implemented.
The above-mentioned serial numbers of the embodiments of the present invention are merely for description and do not represent the merits of the embodiments.
Any process or method descriptions in flow charts or otherwise described herein may be understood as representing modules, segments, or portions of code which include one or more executable instructions for implementing specific logical functions or steps of the process, and alternate implementations are included within the scope of the preferred embodiment of the present invention in which functions may be executed out of order from that shown or discussed, including substantially concurrently or in reverse order, depending on the functionality involved, as would be understood by those reasonably skilled in the art of the present invention.
It will be understood by those skilled in the art that all or part of the steps carried by the method for implementing the above embodiments may be implemented by hardware related to instructions of a program, which may be stored in a computer readable medium, and when executed, the program includes one or a combination of the steps of the method embodiments.
In the description herein, references to the description of the term "one embodiment," "some embodiments," "an example," "a specific example" or "some examples" or the like are intended to mean that a particular feature, structure, material, or characteristic described in connection with the embodiment or example is included in at least one embodiment or example of the invention. In this specification, the schematic representations of the terms used above do not necessarily refer to the same embodiment or example. Furthermore, the particular features, structures, materials, or characteristics described may be combined in any suitable manner in any one or more embodiments or examples.
Through the description of the foregoing embodiments, it is clear to those skilled in the art that the method of the foregoing embodiments may be implemented by software plus a necessary general hardware platform, and certainly may also be implemented by hardware, but in many cases, the former is a better implementation.
The above description is only a preferred embodiment of the present invention, and not intended to limit the scope of the present invention, and all modifications of equivalent structures and equivalent processes, which are made by using the contents of the present specification and the accompanying drawings, or directly or indirectly applied to other related technical fields, are included in the scope of the present invention.

Claims (11)

1. A privacy compliance detection method of mobile application software is characterized by comprising the following steps:
responding to a privacy compliance detection command, and acquiring mobile application software to be detected;
running the mobile application software based on a sandbox technology, and collecting privacy information collection use behaviors generated in the running process of the mobile application software;
detecting the private information collection use behavior, and determining whether the private information collection use behavior is in compliance;
acquiring a privacy protocol policy text in the mobile application software, and identifying semantic content in the privacy protocol policy text;
and detecting the semantic content to determine whether the privacy protocol policy text is in compliance.
2. The privacy compliance detection method according to claim 1, wherein the step of running the mobile application software based on sandbox technology and collecting the privacy information collection usage behavior generated by the mobile application software during running comprises:
building a base layer, a data layer, a service layer and a result layer in the sandbox; the basic layer is used for recording operation behavior logs of the application, providing a filter aiming at the logs, automatically triggering specific operation behaviors and determining the incidence relation among the operation behaviors; the data layer is used for storing the log and providing a corresponding filtering and extracting interface; the business layer is used for carrying out business analysis on the operation behaviors of the application, and comprises the steps of establishing behavior description, analyzing the relevance of the log and judging the risk level according to the sensitivity degree of the operation behaviors; the result layer is used for outputting the analysis result of the service layer in a specific format;
running the mobile application software in the built sandbox;
and sequentially triggering the mobile application software to execute corresponding operations based on a preset triggering flow so as to acquire the dynamic privacy information collection and use behaviors of the mobile application software.
3. The privacy compliance detection method according to claim 2, wherein the dynamic privacy information collection usage behavior is obtained through a log file corresponding to a HOOK breakpoint, and the log file includes at least one of the following:
the file operation records comprise one or more of the operation records of adding, deleting, modifying and checking the memory card files, the private directory files or the temporary directory files;
the interface file comprises an operation interface snapshot file in a specific application scene;
personal sensitive data acquisition records, including acquisition records of address list or geographical location information;
and the network behavior record comprises the address of the connected server or the uploaded personal information content.
4. The privacy compliance detection method according to claim 3, wherein the step of detecting the privacy information collection usage behavior and determining whether the privacy information is compliant comprises any one or more of:
detecting personal information items acquired, stored and transmitted by the mobile application software through a system API and a user input mode in the running process;
identifying the third-party SDK through the code characteristic, the embedded file characteristic, the network characteristic and the configuration information characteristic;
identifying whether the personal information acquisition, storage and transmission behaviors belong to the self behaviors of the mobile application software or the third-party SDK behaviors;
filtering a server list accessed by the mobile application software in the running process, and detecting the data outbound condition;
and detecting whether the mobile application software application permission behaviors meet the standard or not in a mode of enumerating all calling APIs.
5. The privacy compliance detection method as claimed in claim 1, wherein the step of obtaining a privacy protocol policy text in the mobile application software, and identifying semantic content in the privacy protocol policy text comprises:
performing word segmentation processing, part of speech tagging and semantic tagging on the privacy protocol policy text respectively; the word segmentation processing is used for dividing a text sentence in the privacy protocol policy text into a plurality of words, the part-of-speech tagging is used for respectively tagging forward parts-of-speech or reverse parts-of-speech to the divided plurality of words, and the semantic tagging is used for tagging a text meaning to the text sentence after the part-of-speech tagging;
dividing the privacy protocol text into a plurality of paragraphs according to the semantic annotation result;
and performing data filtering on each paragraph to form a data set, inputting the characteristics of the data set into an LDA model, extracting a subject field corresponding to each paragraph, and performing semantic content analysis.
6. The privacy compliance detection method as claimed in claim 5, wherein the step of detecting the semantic content and determining whether the privacy protocol policy text is compliant comprises any one or more of:
carrying out integrity detection on the privacy protocol policy text according to the semantic content, and determining whether the privacy protocol policy text contains necessary content;
detecting personal information items which are declared to be acquired in the privacy protocol policy text according to the semantic content, and determining whether the personal information items to be acquired contain personal information which is forbidden to be acquired by law and personal information which is collected and used in an out-of-range mode;
detecting personal authority information declared in the privacy protocol policy according to the semantic content, and determining whether the authority information contains the authority of excessive application;
words that are not described in the privacy protocol policy are detected according to the semantic content.
7. The privacy compliance detection method of claim 1, further comprising one or more of:
the privacy information collection and use behavior is subjected to authenticity detection according to the privacy protocol policy text, and whether the collection and use personal information behavior described in the privacy protocol policy text is consistent with the actual collection and use personal information behavior of the mobile application is determined;
detecting the private information collection and use behaviors of the third-party SDK according to the private protocol text, and determining whether the private information collection and use behaviors of the third-party SDK described in the private protocol policy text are consistent with the behaviors of the third-party SDK for actually collecting and using the personal information;
and for the detection of the data outbound condition, filtering the server list accessed in the application running process to detect whether the data outbound condition is in compliance.
8. The privacy compliance detection method of claim 1, further comprising:
acquiring national standard and regulation files related to information safety;
and analyzing the national standard and regulation files, and determining the detection items of the private information collection using behaviors or the detection items of the private protocol policy text according to the analysis result.
9. A privacy compliance detection apparatus for mobile application software, comprising:
the application acquisition module is used for responding to a privacy compliance detection command and acquiring the mobile application software to be detected;
the privacy information monitoring module is suitable for running the mobile application software based on a sandbox technology and collecting privacy information collection and use behaviors generated in the running process of the mobile application software;
the behavior detection module is suitable for detecting the private information collection and use behavior and determining whether the private information collection and use behavior is in compliance;
the privacy protocol policy module is suitable for acquiring a privacy protocol policy text in the mobile application software and identifying semantic content in the privacy protocol policy text;
and the protocol detection module is suitable for detecting the semantic content and determining whether the privacy protocol policy text is in compliance.
10. A computer device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, characterized in that the steps of the method of any of claims 1 to 8 are implemented by the processor when executing the computer program.
11. A computer-readable storage medium, on which a computer program is stored, which, when being executed by a processor, carries out the steps of the method of any one of claims 1 to 8.
CN202011441774.XA 2020-12-08 2020-12-08 Privacy compliance detection method and privacy compliance detection device for mobile application software Pending CN114611132A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011441774.XA CN114611132A (en) 2020-12-08 2020-12-08 Privacy compliance detection method and privacy compliance detection device for mobile application software

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011441774.XA CN114611132A (en) 2020-12-08 2020-12-08 Privacy compliance detection method and privacy compliance detection device for mobile application software

Publications (1)

Publication Number Publication Date
CN114611132A true CN114611132A (en) 2022-06-10

Family

ID=81856461

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011441774.XA Pending CN114611132A (en) 2020-12-08 2020-12-08 Privacy compliance detection method and privacy compliance detection device for mobile application software

Country Status (1)

Country Link
CN (1) CN114611132A (en)

Cited By (8)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118499A (en) * 2022-06-27 2022-09-27 重庆长安汽车股份有限公司 Privacy protection method, system, device and medium based on cloud architecture
CN115168901A (en) * 2022-07-22 2022-10-11 中国电信股份有限公司 Compliance determination method, compliance determination device, storage medium and electronic device
CN115587352A (en) * 2022-10-10 2023-01-10 奇安信科技集团股份有限公司 Privacy security monitoring method and device, electronic equipment and storage medium
CN116107911A (en) * 2023-03-29 2023-05-12 杭州海康威视数字技术股份有限公司 Privacy compliance automatic auditing method, device and system based on event replay
CN116108495A (en) * 2023-04-13 2023-05-12 北京中科特瑞科技有限公司 Method and system for realizing privacy computing sandbox based on container technology
CN117291192A (en) * 2023-11-22 2023-12-26 北京十环信息有限公司 Government affair text semantic understanding analysis method and system
CN118364514A (en) * 2024-06-20 2024-07-19 广州信安数据有限公司 APP sensitive behavior automatic combination rule detection method and computer program product
CN118606937A (en) * 2024-08-08 2024-09-06 天津商业大学 APP sensitive feature detection method and system based on large-scale language model

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108804912A (en) * 2018-06-15 2018-11-13 北京大学 A kind of application program based on authority set difference is gone beyond one's commission detection method
CN109600417A (en) * 2018-11-02 2019-04-09 阿里巴巴集团控股有限公司 A kind of method, apparatus, equipment and system tracking application access
CN110414241A (en) * 2019-08-05 2019-11-05 深圳市网安计算机安全检测技术有限公司 Privacy policy detection method, device, computer equipment and storage medium
US20200252377A1 (en) * 2019-02-05 2020-08-06 Cisco Technology, Inc. Facilitating user privacy in communications involving semantic-bearing ipv6 addresses

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108804912A (en) * 2018-06-15 2018-11-13 北京大学 A kind of application program based on authority set difference is gone beyond one's commission detection method
CN109600417A (en) * 2018-11-02 2019-04-09 阿里巴巴集团控股有限公司 A kind of method, apparatus, equipment and system tracking application access
US20200252377A1 (en) * 2019-02-05 2020-08-06 Cisco Technology, Inc. Facilitating user privacy in communications involving semantic-bearing ipv6 addresses
CN110414241A (en) * 2019-08-05 2019-11-05 深圳市网安计算机安全检测技术有限公司 Privacy policy detection method, device, computer equipment and storage medium

Cited By (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115118499A (en) * 2022-06-27 2022-09-27 重庆长安汽车股份有限公司 Privacy protection method, system, device and medium based on cloud architecture
CN115118499B (en) * 2022-06-27 2023-06-02 重庆长安汽车股份有限公司 Privacy protection method, system, equipment and medium based on cloud architecture
CN115168901A (en) * 2022-07-22 2022-10-11 中国电信股份有限公司 Compliance determination method, compliance determination device, storage medium and electronic device
CN115587352A (en) * 2022-10-10 2023-01-10 奇安信科技集团股份有限公司 Privacy security monitoring method and device, electronic equipment and storage medium
CN116107911A (en) * 2023-03-29 2023-05-12 杭州海康威视数字技术股份有限公司 Privacy compliance automatic auditing method, device and system based on event replay
CN116108495A (en) * 2023-04-13 2023-05-12 北京中科特瑞科技有限公司 Method and system for realizing privacy computing sandbox based on container technology
CN117291192A (en) * 2023-11-22 2023-12-26 北京十环信息有限公司 Government affair text semantic understanding analysis method and system
CN117291192B (en) * 2023-11-22 2024-01-30 北京十环信息有限公司 Government affair text semantic understanding analysis method and system
CN118364514A (en) * 2024-06-20 2024-07-19 广州信安数据有限公司 APP sensitive behavior automatic combination rule detection method and computer program product
CN118606937A (en) * 2024-08-08 2024-09-06 天津商业大学 APP sensitive feature detection method and system based on large-scale language model

Similar Documents

Publication Publication Date Title
CN114611132A (en) Privacy compliance detection method and privacy compliance detection device for mobile application software
CN109743315B (en) Behavior identification method, behavior identification device, behavior identification equipment and readable storage medium for website
CN102768717B (en) Malicious file detection method and malicious file detection device
US20130117855A1 (en) Apparatus for automatically inspecting security of applications and method thereof
CN111835756B (en) APP privacy compliance detection method and device, computer equipment and storage medium
CN108763951B (en) Data protection method and device
CN104866770B (en) Sensitive data scanning method and system
CN102831021A (en) Method and device for interrupting or cleaning plugin
CN112035354A (en) Method, device and equipment for positioning risk code and storage medium
CN112560090A (en) Data detection method and device
CN112688966A (en) Webshell detection method, device, medium and equipment
CN113051613A (en) Privacy policy detection method and device, electronic equipment and readable storage medium
CN113177205A (en) Malicious application detection system and method
CN114398673A (en) Application compliance detection method and device, storage medium and electronic equipment
Liccardi et al. Improving mobile app selection through transparency and better permission analysis
CN112765672A (en) Malicious code detection method and device and computer readable medium
CN112433936A (en) Test method, test device and storage medium
CN112632538B (en) Android malicious software detection method and system based on mixed features
CN110929110A (en) Electronic document detection method, device, equipment and storage medium
CN106507300A (en) A kind of method for giving loss terminal for change, device and terminal
CN111241547A (en) Detection method, device and system for unauthorized vulnerability
JP5851311B2 (en) Application inspection device
CN113596600B (en) Security management method, device, equipment and storage medium for live broadcast embedded program
CN114925373A (en) Method for automatically identifying vulnerability of privacy protection policy of mobile application based on user comment
CN110928754A (en) Operation and maintenance auditing method, device, equipment and medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
CB02 Change of applicant information
CB02 Change of applicant information

Country or region after: China

Address after: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant after: QAX Technology Group Inc.

Applicant after: Qianxin Wangshen information technology (Beijing) Co.,Ltd.

Address before: Room 332, 3 / F, Building 102, 28 xinjiekouwei street, Xicheng District, Beijing 100088

Applicant before: QAX Technology Group Inc.

Country or region before: China

Applicant before: LEGENDSEC INFORMATION TECHNOLOGY (BEIJING) Inc.