[go: up one dir, main page]
More Web Proxy on the site http://driver.im/

CN112214418B - Application compliance detection method and device and electronic equipment - Google Patents

Application compliance detection method and device and electronic equipment Download PDF

Info

Publication number
CN112214418B
CN112214418B CN202011399091.2A CN202011399091A CN112214418B CN 112214418 B CN112214418 B CN 112214418B CN 202011399091 A CN202011399091 A CN 202011399091A CN 112214418 B CN112214418 B CN 112214418B
Authority
CN
China
Prior art keywords
application program
target application
data item
data items
privacy policy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011399091.2A
Other languages
Chinese (zh)
Other versions
CN112214418A (en
Inventor
王德胜
刘佳伟
章鹏
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Ant Blockchain Technology Shanghai Co Ltd
Original Assignee
Alipay Hangzhou Information Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Alipay Hangzhou Information Technology Co Ltd filed Critical Alipay Hangzhou Information Technology Co Ltd
Priority to CN202011399091.2A priority Critical patent/CN112214418B/en
Publication of CN112214418A publication Critical patent/CN112214418A/en
Application granted granted Critical
Publication of CN112214418B publication Critical patent/CN112214418B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F11/00Error detection; Error correction; Monitoring
    • G06F11/36Preventing errors by testing or debugging software
    • G06F11/3604Software analysis for verifying properties of programs
    • G06F11/3608Software analysis for verifying properties of programs using formal methods, e.g. model checking, abstract interpretation

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Quality & Reliability (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

The specification discloses a compliance detection method and device for an application program and electronic equipment, wherein the method comprises the following steps: acquiring the collection authority of a legal data item corresponding to the function type of a target application program from a compliance policy library of the application program; classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program; identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model; and performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program.

Description

Application compliance detection method and device and electronic equipment
Technical Field
The present disclosure relates to the field of computer technologies, and in particular, to a method and an apparatus for detecting compliance of an application program, and an electronic device.
Background
In recent years, with the popularization of smart phones, the number of Applications (APPs) exceeds 500 million, and the APPs bring convenience to life of people and also bring problems of illegally collecting private information of users. In order to remedy the confusion of APP illegal collection of personal privacy information of users, the national regulatory department successively issues basic information security technology-mobile internet application program collection personal information specifications (for convenience of description, hereinafter referred to as "basic specifications"). The basic specification specifies the minimum necessary information of APP collectable users of common service types such as map navigation, network car booking, instant messaging, network community, network payment, news information, online shopping and the like.
Typically, the privacy policy terms of APP are written by professional legal personnel, and APP development is done by professional program developers. Due to different professional roles and different knowledge in professional fields, the situation that the actual acquisition behaviors and expressions of the three corresponding to the APP, the APP privacy policy terms and the APP actually executed codes are inconsistent or even conflicting occurs. Therefore, how to quickly and accurately detect the inconsistency among the three, and further avoid some illegal behaviors of the APP, which leads to the APP being processed by the compliance, still needs to provide a further solution.
Disclosure of Invention
The embodiment of the specification provides a compliance detection method and device for an application program and electronic equipment, so that the inconsistent situation of the three can be quickly and accurately detected, and the problem that the APP is subjected to compliance processing due to illegal behaviors of the APP is avoided.
In order to solve the above technical problem, the embodiments of the present specification are implemented as follows:
in a first aspect, a compliance detection method for an application program is provided, including:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the target application program belongs to the plurality of application programs;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
In a second aspect, a compliance detection device for an application program is provided, which includes:
the system comprises a legal data item acquisition module, a legal data item acquisition module and a legal data item acquisition module, wherein the legal data item acquisition module is used for acquiring the acquisition permission of a legal data item corresponding to the function type of a target application program from a compliance policy library of the application program, the compliance database of the application program stores the acquisition permission of the legal data item of a plurality of application programs with different function types, and the target application program belongs to the plurality of application programs;
the candidate text acquisition module is used for classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model so as to acquire candidate texts with data item acquisition in the privacy policy text declared by the target application program;
the data item acquisition module is used for identifying the data items acquired by the candidate text instruction based on a pre-trained designated named entity identification model;
the compliance detection module is used for carrying out compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items which are indicated to be acquired by the candidate texts and the data items which are indicated to be acquired by the codes of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
In a third aspect, an electronic device is provided, including:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the target application program belongs to the plurality of application programs;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
In a fourth aspect, a computer-readable storage medium is presented, the computer-readable storage medium storing one or more programs that, when executed by an electronic device that includes a plurality of application programs, cause the electronic device to:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the target application program belongs to the plurality of application programs;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
The embodiment of the specification can achieve at least the following technical effects by adopting the technical scheme:
when the target application program is subjected to compliance detection, acquiring permission of legal data items corresponding to the function type of the target application program can be acquired from a compliance policy library of the application program, the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the function type of the target application program is the same as the function type of one application program in the plurality of application programs; classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain a candidate text for data item acquisition in the privacy policy text declared by the target application program; identifying data items which are acquired by candidate text indication based on a pre-trained designated named entity identification model; finally, performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of the legal data item corresponding to the function of the target application program, the data item acquired by the candidate text indication and the data item acquired by the code indication of the target application program; wherein the code of the target application indicates that the collected data item was acquired based on the code of the target application.
The target second classification model is obtained by training based on privacy policy texts of a plurality of application programs and a label for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training based on the privacy policy texts of the plurality of application programs and the label for indicating the data item category in the privacy policy texts for indicating that data item collection exists. The method comprises the steps of automatically identifying data items appointed to be collected in a privacy policy text of a target application program by adopting a binary classification model and an appointed named entity model, comparing an identification result with collection permission of legal data items in a compliance policy library of the application program and data items actually collected by codes of the target application program, rapidly realizing compliance detection of the application program, and avoiding the application program from being off-shelf due to illegal behaviors.
Drawings
The accompanying drawings, which are included to provide a further understanding of the specification and are incorporated in and constitute a part of this specification, illustrate embodiments of the specification and together with the description serve to explain the specification and not to limit the specification in a non-limiting sense. In the drawings:
fig. 1 is a schematic flow chart of an implementation of a compliance detection method for an application program according to an embodiment of the present disclosure;
fig. 2 is a schematic diagram of a compliance detection method for an application program applied in an actual scenario according to an embodiment of the present disclosure;
fig. 3 is a schematic flowchart of a compliance detection method for an application applied to an actual scene according to an embodiment of the present disclosure;
FIG. 4 is a diagram illustrating a compliance detection report generated by a compliance detection method of an application according to an embodiment of the present disclosure;
FIG. 5 is a schematic structural diagram of a compliance detection device for an application according to an embodiment of the present disclosure;
fig. 6 is a schematic structural diagram of an electronic device according to an embodiment of the present disclosure.
Detailed Description
In order to make the purpose, technical solutions and advantages of this document more clear, the technical solutions of this specification will be clearly and completely described below with reference to specific embodiments of this specification and the accompanying drawings. It is to be understood that the embodiments described are only a few embodiments of this document, and not all embodiments. All other embodiments obtained by a person skilled in the art without making any inventive step based on the embodiments in this description belong to the protection scope of this document.
The technical solutions provided by the embodiments of the present description are described in detail below with reference to the accompanying drawings.
In order to quickly and accurately detect the inconsistency among the basic specification, the privacy policy clause and the code actually executed by the APP, and avoid the problem that the APP is subjected to compliance processing due to some illegal behaviors, the embodiment of the specification provides a compliance detection method for an application program, wherein when the compliance detection is performed on a target application program, the method can acquire the acquisition permission of the legal data item corresponding to the function type of the target application program from a compliance policy library of the application program, the acquisition permission of the legal data item of a plurality of application programs with different function types is stored in the compliance database of the application program, and the function type of the target application program is the same as the function type of one of the application programs; classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain a candidate text for data item acquisition in the privacy policy text declared by the target application program; identifying data items which are acquired by candidate text indication based on a pre-trained designated named entity identification model; finally, performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of the legal data item corresponding to the function of the target application program, the data item acquired by the candidate text indication and the data item acquired by the code indication of the target application program; wherein the code of the target application indicates that the collected data item was acquired based on the code of the target application.
The target second classification model is obtained by training based on privacy policy texts of a plurality of application programs and a label for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training based on the privacy policy texts of the plurality of application programs and the label for indicating the data item category in the privacy policy texts for indicating that data item collection exists. The method comprises the steps of automatically identifying data items appointed to be collected in a privacy policy text of a target application program by adopting a binary classification model and an appointed named entity model, comparing an identification result with collection permission of legal data items in a compliance policy library of the application program and data items actually collected by codes of the target application program, rapidly realizing compliance detection of the application program, and avoiding the application program from being off-shelf due to illegal behaviors.
The compliance detection method for the application program provided in the embodiments of the present disclosure, the execution subject of the method, may be but is not limited to at least one of a personal computer, a server, and other devices capable of being configured to execute the method provided in the embodiments of the present disclosure.
For convenience of description, the following description will be made of an embodiment of the method, taking an execution subject of the method as a server capable of executing the method as an example. It is understood that the implementation of the method by the server is merely an exemplary illustration and should not be construed as a limitation of the method.
Specifically, an implementation flow diagram of a compliance detection method for an application program provided in one or more embodiments of the present specification is shown in fig. 1, and includes:
s110, acquiring the collection authority of the legal data item corresponding to the function type of the target application program from a compliance policy library of the application program, wherein the collection authority of the legal data item of a plurality of application programs with different function types is stored in the compliance database of the application program, and the target application program belongs to the plurality of application programs.
Wherein the function type of the target application is the same as the function type of one of the plurality of applications. For example, the compliance database of the application program can store the collection authority of the legal data item of the APP with the map navigation function, the collection authority of the legal data item of the APP with the instant messaging function, the collection authority of the legal data item of the APP with the network car booking function, the collection authority of the legal data item of the APP with the network community function, the collection authority of the legal data item of the APP with the network payment function, the collection authority of the legal data item of the APP with the news information function, and the collection authority of the legal data item of the APP with the function types such as … ….
As described in the background art, in order to correct the confusion of the APP illegal collection user's individual privacy information, the national regulatory authorities issue "basic specifications" in sequence, which stipulate the minimum necessary information (i.e., the collection authority of the above-mentioned legal data item) of APP collectable users of common service types such as map navigation, network car booking, instant messaging, network community, network payment, news information, online shopping, and the like. The minimum necessary information is personal information which is used at least enough to ensure that the APP of a certain service type can normally operate, and includes personal information which, if the minimum necessary information is lacking, will cause the APP of the service type to be incapable of realizing or incapable of normally operating, and personal information which is required to be collected by laws and regulations.
Taking map navigation APP as an example, the APP can provide internet map and navigation functions for users. The minimum necessary information of the service type APP is shown in table 1, and as can be seen from table 1, the minimum necessary information of the user whose map navigation type APP is collectable, that is, the collection authority of the legal data item includes: the method is only used for determining the position of a user, providing accurate positioning information of map search display and navigation service, and judging real-time road conditions and replanning a track of a navigation route in the navigation service.
TABLE 1 minimum essential information of map navigation class APP
Type (B) Personal information Use requirement/relevant law and regulation basis
Legal and legal requirements Personal information of Network access log And the method is only used for meeting the requirements of related laws and regulations such as network security law and the like and the requirements of network security guarantee. Generally comprises The IP address, the user login time, the user logout time, etc., do not refer to the user operation behavior log.
Required for implementing service Personal information Position information and accurate positioning information Information track The precise positioning information is only used for determining the position of the user and providing map searching display and navigation services. Track of the track And the method is only used for judging real-time road conditions and replanning navigation routes in the navigation service.
And S120, classifying the privacy policy text declared by the target application program based on a pre-trained target two-classification model to obtain candidate texts with data item collection in the privacy policy text declared by the target application program.
It should be appreciated that the text of the privacy policy declared by the target application is often long and the professional, even professional legal, needs to spend a lot of time reading the privacy policy. In order to improve the efficiency of acquiring a text with a data item acquired in a text of a privacy policy declared by a target application program, the text with the data item acquired and the text without the data item acquired in the text of the privacy policy declared by the target application program can be classified through a pre-trained target two-classification model, and a candidate text with the data item acquired in the text of the privacy policy declared by the target application program can be acquired.
Optionally, classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain a candidate text for data item collection in the privacy policy text declared by the target application program, including:
acquiring a privacy policy text declared by a target application program;
and classifying texts with data item acquisition and texts without data item acquisition in the privacy policy text declared by the target application program based on a pre-trained target two-classification model so as to obtain candidate texts with data item acquisition in the privacy policy text declared by the target application program.
The target second classification model is trained based on privacy policy texts of a plurality of application programs and a label used for indicating whether data item collection exists in the privacy policy texts.
Specifically, a privacy policy text set of mainstream APPs in the current market can be collected in advance, each text in the privacy policy texts is labeled, and the label of each text is used for representing whether data item collection exists in the text. For example, "to register an account number, we save your account number and mobile phone number information", and this text may be marked as "yes"; but we do not share and collect your personal location information, the sentence text may be marked as "no". That is, when a certain sentence text is labeled as a "yes" label, it may be labeled that there is a book item collection in the sentence text, and when a certain sentence text is labeled as a "no" label, it may be labeled that there is no book item collection in the sentence text.
Then, a target two-classification model in the embodiment of the present specification is trained according to the privacy policy text set of the mainstream APP labeled in advance, and the target two-classification model is stored for classifying the privacy policy text declared by the target application program, so as to obtain a candidate text for data item collection in the privacy policy text declared by the target application program. The target two-class model may be obtained by training using machine learning or deep learning methods such as SVM, decision tree, random forest, GBDT, Xgboost, Adboost, maximum entropy model, logistic regression model, neural network, and deep neural network (e.g., CNN, RNN, BERT + LR), and is not limited to these training methods.
And S130, identifying data items acquired by candidate text indication based on a pre-trained designated named entity identification model.
The named entity recognition model is appointed to be trained based on privacy policy texts of a plurality of application programs and labels of data item categories in the privacy policy texts for indicating that data item collection exists.
In order to identify which data items are declared to be collected by a candidate text in a privacy policy text declared by a target application program, a named Entity tagging model (also called named Entity identification, Name Entity Recognition (NER), for short, NER model) may be trained.
The method specifically can collect a privacy policy text set of mainstream APP in the current market, and each text in the privacy policy text set is marked by a BIOE marking method to declare which personal information related data items are collected. Wherein, BIOE represents the meanings: b, Begin, denotes Start; i, intermedate, denotes Intermediate; e, End, denotes End; o, Other, indicates otherwise, for marking extraneous characters. For example: marking the words that "you may need to provide information such as your name, sex, phone number, etc." results in: [ O, O, O, O, O, O, O, O, O, B-NAME, E-NAME, O, B-GENER, E-GENER, O, B-PHONE, I-PHONE, I-PHONE, E-PHONE, O, O, O, O ], wherein NAME represents NAME, GENDER represents GENDER, and PHONE represents cell PHONE number, all representing the category of the data item.
Then, training a designated named entity recognition model according to the data which is manually marked in advance, saving the designated named entity recognition model for recognizing the data item which is indicated and collected by the candidate text, and optionally, training the designated named entity recognition model by adopting at least one deep learning algorithm as follows:
hidden Markov Models (HMM); maximum Entropy Markov Model (Maximum Encopy Markov Model, MEMM); conditional Random Field model (CRF); proximity algorithm (NN)/Convolutional Neural Networks (CNN) -CRF; recurrent Neural Network (RNN) -CRF; bi-directional Long Short-Term Memory network (Bi-LSTM) + CRF; bidirectional Encoding Representations (BERT) from converters) + CRF.
The designated named entity recognition model adopts a sequence marking mode, so that not only can data items which are indicated to be collected in a privacy policy text declared by a target application program be recognized, but also the starting and ending position information of one or more contained data item sequences and the category information of the sequence data items can be recognized. Optionally, identifying the candidate text indication collected data item based on a pre-trained named entity recognition model comprises:
sequentially identifying the category of data items indicating acquisition in the candidate text based on a pre-trained designated named entity identification model;
and generating a candidate text indicating a collected data item list based on the category of the data item indicating the collection in the candidate text.
S140, performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of the legal data item corresponding to the function of the target application program, the data item indicated to be acquired by the candidate text and the data item indicated to be acquired by the code of the target application program; the code of the target application indicates that the acquired data item was acquired based on the code of the target application.
Fig. 2 is a schematic diagram of a compliance detection method for an application program applied in an actual scenario according to an embodiment of the present disclosure. In fig. 2, a compliance policy library of an application program, a source code of an APP, and an APP privacy policy text may be input into an automated analysis system that merges a target binary model and a specified named entity identification model, and the automated analysis system first determines an acquisition permission of a legal data item that matches a function type of the APP from the compliance policy library of the application program; determining candidate texts for acquiring data items in the APP privacy policy texts and the types of the data items indicated to be acquired in the candidate texts by the automatic analysis system; then, the automatic analysis system scans and matches keywords related to the data items in the codes of the APP to obtain a data item list acquired by the code indication of the APP; and finally, performing compliance detection on the data item acquisition permission of the APP based on the acquisition permission of the legal data item corresponding to the function of the APP, the data item list acquired by the candidate text indication and the data item list acquired by the code indication of the APP to obtain a compliance detection report of the APP.
Optionally, performing compliance detection on the data item collection authority of the target application program based on the collection authority of the legal data item corresponding to the function of the target application program, the data item indicated to be collected by the candidate text and the data item indicated to be collected by the code of the target application program, including:
acquiring a code of a target application program;
scanning and matching keywords related to the data items in the codes of the target application program to obtain a data item list acquired by code indication of the target application program;
and performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of the legal data item corresponding to the function of the target application program, the data item list acquired by the candidate text indication and the data item list acquired by the code indication of the target application program.
Fig. 3 is a schematic flow chart of the compliance detection method for an application program applied in an actual scene according to an embodiment of the present disclosure. An offline completion section and an online completion section are included in fig. 3. Wherein:
an off-line completion part:
s01, acquiring a compliance policy library of the application program;
the compliance policy library of the application program contains the collection authority (namely the minimum necessary information data item and the authority described below) of the legal data items of a plurality of APPs with different function types, and the collection authority of the legal data items of the application program accords with the national laws and regulations.
S02, performing manual interpretation on the compliance policy library of the application program;
and S03, combing the data items into the minimum necessary information data items and the rights of different function types APP.
And an online completion part:
s11, acquiring a target APP code and a privacy policy text;
s12, judging the function type of the target APP;
s13, acquiring the collection authority of the legal data item corresponding to the function type of the target APP from the compliance policy library of the application program;
s21, acquiring a privacy policy text declared by the target APP;
s22, judging and classifying each sentence of text of the privacy policy text declared by the target APP based on the target binary classification model, determining whether data item collection exists in each sentence of text, and acquiring candidate text with the data item collection;
if there is a data item collection, S23 is performed.
S23, acquiring data items declared to be collected in the candidate text based on the designated entity recognition model;
s24, summarizing the data items declared and collected in the privacy policy text declared by the target APP;
s31, scanning the code of the target APP;
s32, acquiring a data item list acquired by code indication of the target APP;
and S33, generating a compliance detection report of the data item acquisition permission of the target APP based on the acquisition permission of the legal data item corresponding to the function of the target APP, the data item list indicated to be acquired by the candidate text and the data item list indicated to be acquired by the code of the target APP.
Optionally, performing compliance detection on the data item collection authority of the target application program based on the collection authority of the legal data item corresponding to the function of the target application program, the list of data items indicated to be collected by the candidate text and the list of data items indicated to be collected by the code of the target application program, including:
comparing the collection authority of the legal data items corresponding to the functions of the target application program, the data item list acquired by the candidate text instruction and the data item list acquired by the code instruction of the target application program, and determining the consistency of the collection authority of the legal data items corresponding to the functions of the target application program, the data item list acquired by the candidate text instruction and the data item list acquired by the code instruction of the target application program;
and generating a compliance detection report of the data item acquisition permission of the target application program based on the acquisition permission of the legal data item corresponding to the function of the target application program, the list of the data items which are indicated to be acquired by the candidate text and the consistency of the list of the data items which are indicated to be acquired by the code of the target application program.
As shown in fig. 4, a schematic diagram of a compliance detection report generated in a compliance detection method of an application according to an embodiment of the present disclosure is shown, in a first column of fig. 4, a collection authority list of legal data items corresponding to functions of a target APP, in a second column of fig. 4, a collected data item list declared in a privacy policy text of the target APP, and in a third column of fig. 4, a collected data item list is actually indicated by target APP code.
Optionally, in order to avoid the problem that the target application is subjected to compliance processing due to some illegal behaviors of the target application, when it is determined that the collection permission of the legal data item corresponding to the function of the target application, the candidate text indicates the collected data item list and the code of the target application indicates that the collected data item list is inconsistent, the collection permission of the data item of the target application may be corrected according to a compliance detection report of the collection permission of the data item of the target application. Specifically, the method provided by the embodiment of the present specification further includes:
if the collection authority of the legal data item corresponding to the function of the target application program, the candidate text indicates that the collected data item list and the code of the target application program indicate that the collected data item list are inconsistent, the data item collection authority of the target application program can be corrected based on a compliance detection report of the data item collection authority of the target application program.
In practical applications, since the privacy policy text of the target application and the code of the target application are not usually completed by the same personnel, the situation that the privacy policy text and the code of the target application are inconsistent with the collection authority of the legal data item is inevitable. In order to correct the inconsistent situation in time, the embodiments of the present specification may respectively determine, according to the compliance detection report of the data item collection permission of the target application program, a place in the privacy policy text of the target application program and the code of the target application program, where the collection permission of the legal data item is inconsistent, and correct the place in time.
When the target application program is subjected to compliance detection, acquiring permission of legal data items corresponding to the function type of the target application program can be acquired from a compliance policy library of the application program, the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the function type of the target application program is the same as the function type of one application program in the plurality of application programs; classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain a candidate text for data item acquisition in the privacy policy text declared by the target application program; identifying data items which are acquired by candidate text indication based on a pre-trained designated named entity identification model; finally, performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of the legal data item corresponding to the function of the target application program, the data item acquired by the candidate text indication and the data item acquired by the code indication of the target application program; wherein the code of the target application indicates that the collected data item was acquired based on the code of the target application.
The target second classification model is obtained by training based on privacy policy texts of a plurality of application programs and a label for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training based on the privacy policy texts of the plurality of application programs and the label for indicating the data item category in the privacy policy texts for indicating that data item collection exists. The method comprises the steps of automatically identifying data items appointed to be collected in a privacy policy text of a target application program by adopting a binary classification model and an appointed named entity model, comparing an identification result with collection permission of legal data items in a compliance policy library of the application program and data items actually collected by codes of the target application program, rapidly realizing compliance detection of the application program, and avoiding the application program from being off-shelf due to illegal behaviors.
Fig. 5 is a schematic structural diagram of a compliance detection apparatus 500 of an application according to one or more embodiments of the present disclosure, including:
a legal data item acquiring module 501, configured to acquire an acquisition permission of a legal data item corresponding to a function type of a target application program from a compliance policy library of the application program, where the compliance policy library of the application program stores acquisition permissions of legal data items of a plurality of application programs with different function types, and the target application program belongs to the plurality of application programs;
a candidate text obtaining module 502, configured to classify the privacy policy text declared by the target application program based on a pre-trained target secondary classification model, so as to obtain a candidate text for data item collection existing in the privacy policy text declared by the target application program;
the data item acquisition module 503 is configured to identify the data item indicated and collected by the candidate text based on a pre-trained designated named entity identification model;
a compliance detection module 504, configured to perform compliance detection on the data item collection permission of the target application program based on the collection permission of the legal data item corresponding to the function of the target application program, the data item indicated to be collected by the candidate text, and the data item indicated to be collected by the code of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
Optionally, in an embodiment, the candidate text obtaining module 502 is configured to:
obtaining a privacy policy text declared by the target application program;
classifying texts with data item collection and texts without data item collection in the privacy policy texts declared by the target application program based on a pre-trained target two-classification model so as to obtain candidate texts with data item collection in the privacy policy texts declared by the target application program.
Optionally, in an embodiment, the data item obtaining module 503 is configured to:
sequentially identifying the category of the data items indicated to be collected in the candidate text based on a pre-trained designated named entity identification model;
and generating a list of data items which are indicated to be acquired by the candidate text based on the category of the data items which are indicated to be acquired by the candidate text.
Optionally, in an embodiment, the compliance detection module 504 is configured to:
acquiring the code of the target application program;
scanning and matching keywords related to data items in the codes of the target application program to obtain a data item list acquired by code indication of the target application program;
and performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the list of data items which are indicated to be acquired by the candidate text and the list of data items which are indicated to be acquired by the codes of the target application program.
Optionally, in an embodiment, the compliance detection module 504 is configured to:
comparing the collection authority of legal data items corresponding to the functions of the target application program, the candidate text instruction collected data item list and the code instruction collected data item list of the target application program, and determining the consistency of the collection authority of legal data items corresponding to the functions of the target application program, the candidate text instruction collected data item list and the code instruction collected data item list of the target application program;
generating a compliance detection report of the data item collection permission of the target application program based on the collection permission of legal data items corresponding to the function of the target application program, the list of data items which are indicated to be collected by the candidate text and the consistency of the list of data items which are indicated to be collected by the code of the target application program.
Optionally, in an embodiment, the apparatus further includes:
and the permission correction module corrects the data item acquisition permission of the target application program based on a compliance detection report of the data item acquisition permission of the target application program if the acquisition permission of the legal data item corresponding to the function of the target application program, the data item list indicated to be acquired by the candidate text and the data item list indicated to be acquired by the code of the target application program are inconsistent.
Optionally, in an embodiment, the named entity recognition model is trained by using at least one of the following deep learning algorithms:
hidden Markov Models (HMMs); a maximum entropy markov model MEMM; conditional random field model CRF; a neighbor algorithm NN/convolutional neural network CNN-conditional random field model CRF; a recurrent neural network-conditional random field model RNN-CRF; Bi-LSTM + conditional random field model CRF of the bidirectional long-short term memory network; the bidirectional code from the converter characterizes the BERT + conditional random field model CRF.
The compliance detection device 500 of the application can implement the method of the embodiment of the method shown in fig. 1 to 4, and specifically refer to the compliance detection method of the application shown in the embodiment shown in fig. 1 to 4, which is not described again.
Fig. 6 is a schematic structural diagram of an electronic device provided in an embodiment of the present specification. Referring to fig. 6, at a hardware level, the electronic device includes a processor, and optionally further includes an internal bus, a network interface, and a memory. The Memory may include a Memory, such as a Random-Access Memory (RAM), and may further include a non-volatile Memory, such as at least 1 disk Memory. Of course, the electronic device may also include hardware required for other services.
The processor, the network interface, and the memory may be connected to each other via an internal bus, which may be an ISA (Industry Standard Architecture) bus, a PCI (Peripheral Component Interconnect) bus, an EISA (Extended Industry Standard Architecture) bus, or the like. The bus may be divided into an address bus, a data bus, a control bus, etc. For ease of illustration, only one double-headed arrow is shown in FIG. 6, but that does not indicate only one bus or one type of bus.
And the memory is used for storing programs. In particular, the program may include program code comprising computer operating instructions. The memory may include both memory and non-volatile storage and provides instructions and data to the processor.
The processor reads the corresponding computer program from the nonvolatile memory to the memory and then runs the computer program to form the compliance detection device of the application program on a logic level. The processor is used for executing the program stored in the memory and is specifically used for executing the following operations:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the target application program belongs to the plurality of application programs;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
By adopting the electronic equipment provided by the embodiment of the specification, the following steps can be known: the method comprises the steps of automatically identifying data items appointed to be collected in a privacy policy text of a target application program by adopting a binary classification model and an appointed named entity model, comparing an identification result with collection permission of legal data items in a compliance policy library of the application program and data items actually collected by codes of the target application program, rapidly realizing compliance detection of the application program, and avoiding the application program from being off-shelf due to illegal behaviors.
The compliance detection method for the application programs disclosed in the embodiments of fig. 1 to 4 of the present specification can be applied to a processor, or can be implemented by the processor. The processor may be an integrated circuit chip having signal processing capabilities. In implementation, the steps of the above method may be performed by integrated logic circuits of hardware in a processor or instructions in the form of software. The Processor may be a general-purpose Processor, including a Central Processing Unit (CPU), a Network Processor (NP), and the like; but also Digital Signal Processors (DSPs), Application Specific Integrated Circuits (ASICs), Field Programmable Gate Arrays (FPGAs) or other Programmable logic devices, discrete Gate or transistor logic devices, discrete hardware components. The various methods, steps and logic blocks disclosed in one or more embodiments of the present specification may be implemented or performed. A general purpose processor may be a microprocessor or the processor may be any conventional processor or the like. The steps of a method disclosed in connection with one or more embodiments of the present disclosure may be embodied directly in hardware, in a software module executed by a hardware decoding processor, or in a combination of the hardware and software modules executed by a hardware decoding processor. The software module may be located in ram, flash memory, rom, prom, or eprom, registers, etc. storage media as is well known in the art. The storage medium is located in a memory, and a processor reads information in the memory and completes the steps of the method in combination with hardware of the processor.
The electronic device may further perform the compliance detection method of the application programs in fig. 1 to 4, which is not described herein again.
Of course, besides the software implementation, the electronic device in this specification does not exclude other implementations, such as logic devices or a combination of software and hardware, and the like, that is, the execution subject of the following processing flow is not limited to each logic unit, and may also be hardware or logic devices.
Embodiments of the present specification also provide a computer-readable storage medium storing one or more programs, where the one or more programs include instructions, which when executed by a portable electronic device including a plurality of application programs, enable the portable electronic device to perform the method of the embodiments shown in fig. 1 to 4, and are specifically configured to:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the acquisition permission of the legal data items of a plurality of application programs with different function types is stored in the compliance database of the application program, and the target application program belongs to the plurality of application programs;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
In short, the above description is only a preferred embodiment of the present disclosure, and is not intended to limit the scope of the present disclosure. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of one or more embodiments of the present disclosure should be included in the scope of protection of one or more embodiments of the present disclosure.
The systems, devices, modules or units illustrated in the above embodiments may be implemented by a computer chip or an entity, or by a product with certain functions. One typical implementation device is a computer. In particular, the computer may be, for example, a personal computer, a laptop computer, a cellular telephone, a camera phone, a smartphone, a personal digital assistant, a media player, a navigation device, an email device, a game console, a tablet computer, a wearable device, or a combination of any of these devices.
Computer-readable media, including both non-transitory and non-transitory, removable and non-removable media, may implement information storage by any method or technology. The information may be computer readable instructions, data structures, modules of a program, or other data. Examples of computer storage media include, but are not limited to, phase change memory (PRAM), Static Random Access Memory (SRAM), Dynamic Random Access Memory (DRAM), other types of Random Access Memory (RAM), Read Only Memory (ROM), Electrically Erasable Programmable Read Only Memory (EEPROM), flash memory or other memory technology, compact disc read only memory (CD-ROM), Digital Versatile Discs (DVD) or other optical storage, magnetic cassettes, magnetic tape, magnetic disk storage or other magnetic storage devices, or any other non-transmission medium that can be used to store information that can be accessed by a computing device. As defined herein, a computer readable medium does not include a transitory computer readable medium such as a modulated data signal and a carrier wave.
It should also be noted that the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising an … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The embodiments in the present specification are described in a progressive manner, and the same and similar parts among the embodiments are referred to each other, and each embodiment focuses on the differences from the other embodiments. In particular, for the system embodiment, since it is substantially similar to the method embodiment, the description is simple, and for the relevant points, reference may be made to the partial description of the method embodiment.

Claims (10)

1. A compliance detection method of an application, comprising:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the compliance database of the application program stores the acquisition permission of the legal data items of a plurality of application programs with different function types, the target application program belongs to the plurality of application programs, and the function types of the plurality of application programs are different;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
2. The method of claim 1, classifying the target application declared privacy policy text based on a pre-trained target two-class model to obtain candidate texts for data item collection existing in the target application declared privacy policy text, comprising:
obtaining a privacy policy text declared by the target application program;
classifying texts with data item collection and texts without data item collection in the privacy policy texts declared by the target application program based on a pre-trained target two-classification model so as to obtain candidate texts with data item collection in the privacy policy texts declared by the target application program.
3. The method of claim 1 or 2, identifying the candidate textual indications of collected data items based on a pre-trained named entity recognition model, comprising:
sequentially identifying the category of the data items indicated to be collected in the candidate text based on a pre-trained designated named entity identification model;
and generating a list of data items which are indicated to be acquired by the candidate text based on the category of the data items which are indicated to be acquired by the candidate text.
4. The method of claim 3, wherein performing compliance detection on the data item collection authority of the target application based on the collection authority of a legitimate data item corresponding to the function of the target application, the data item that the candidate text indicates to collect, and the data item that the code of the target application indicates to collect comprises:
acquiring the code of the target application program;
scanning and matching keywords related to data items in the codes of the target application program to obtain a data item list acquired by code indication of the target application program;
and performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the list of data items which are indicated to be acquired by the candidate text and the list of data items which are indicated to be acquired by the codes of the target application program.
5. The method of claim 4, wherein the compliance detection of the data item collection authority of the target application based on the collection authority of legitimate data items corresponding to the function of the target application, the list of data items that the candidate text indicates to collect, and the list of data items that the code of the target application indicates to collect, comprises:
comparing the collection authority of legal data items corresponding to the functions of the target application program, the candidate text instruction collected data item list and the code instruction collected data item list of the target application program, and determining the consistency of the collection authority of legal data items corresponding to the functions of the target application program, the candidate text instruction collected data item list and the code instruction collected data item list of the target application program;
generating a compliance detection report of the data item collection permission of the target application program based on the collection permission of legal data items corresponding to the function of the target application program, the list of data items which are indicated to be collected by the candidate text and the consistency of the list of data items which are indicated to be collected by the code of the target application program.
6. The method of claim 5, further comprising:
and if the collection authority of legal data items corresponding to the functions of the target application program, the candidate text indication collected data item list and the code of the target application program indicate that the collected data item list are inconsistent, correcting the data item collection authority of the target application program based on a compliance detection report of the data item collection authority of the target application program.
7. The method of claim 1, wherein the named entity recognition model is trained using at least one of the following deep learning algorithms:
hidden Markov Models (HMMs); a maximum entropy markov model MEMM; conditional random field model CRF; a neighbor algorithm NN/convolutional neural network CNN-conditional random field model CRF; a recurrent neural network-conditional random field model RNN-CRF; Bi-LSTM + conditional random field model CRF of the bidirectional long-short term memory network; the bidirectional code from the converter characterizes the BERT + conditional random field model CRF.
8. A compliance detection device for an application, comprising:
the system comprises a legal data item acquisition module, a legal data item acquisition module and a legal data item acquisition module, wherein the legal data item acquisition module is used for acquiring the acquisition permission of a legal data item corresponding to the function type of a target application program from a compliance policy library of the application program, the compliance database of the application program stores the acquisition permission of the legal data item of a plurality of application programs with different function types, the target application program belongs to the plurality of application programs, and the function types of the plurality of application programs are different;
the candidate text acquisition module is used for classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model so as to acquire candidate texts with data item acquisition in the privacy policy text declared by the target application program;
the data item acquisition module is used for identifying the data items acquired by the candidate text instruction based on a pre-trained designated named entity identification model;
the compliance detection module is used for carrying out compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items which are indicated to be acquired by the candidate texts and the data items which are indicated to be acquired by the codes of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
9. An electronic device, comprising:
a processor; and
a memory arranged to store computer executable instructions that, when executed, cause the processor to:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the compliance database of the application program stores the acquisition permission of the legal data items of a plurality of application programs with different function types, the target application program belongs to the plurality of application programs, and the function types of the plurality of application programs are different;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
10. A computer-readable storage medium storing one or more programs that, when executed by an electronic device including a plurality of application programs, cause the electronic device to:
acquiring the acquisition permission of legal data items corresponding to the function type of a target application program from a compliance policy library of the application program, wherein the compliance database of the application program stores the acquisition permission of the legal data items of a plurality of application programs with different function types, the target application program belongs to the plurality of application programs, and the function types of the plurality of application programs are different;
classifying the privacy policy text declared by the target application program based on a pre-trained target secondary classification model to obtain candidate texts for data item collection in the privacy policy text declared by the target application program;
identifying data items which are acquired by the candidate text indication based on a pre-trained designated named entity identification model;
performing compliance detection on the data item acquisition permission of the target application program based on the acquisition permission of legal data items corresponding to the functions of the target application program, the data items acquired by the candidate text indication and the data items acquired by the code indication of the target application program; the code of the target application program indicates that the acquired data item is acquired based on the code of the target application program;
the target second classification model is obtained by training privacy policy texts based on a plurality of application programs and labels for indicating whether data item collection exists in the privacy policy texts, and the designated named entity recognition model is obtained by training the privacy policy texts based on the plurality of application programs and the labels for indicating the data item types in the privacy policy texts for indicating the data item collection exists.
CN202011399091.2A 2020-12-04 2020-12-04 Application compliance detection method and device and electronic equipment Active CN112214418B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011399091.2A CN112214418B (en) 2020-12-04 2020-12-04 Application compliance detection method and device and electronic equipment

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011399091.2A CN112214418B (en) 2020-12-04 2020-12-04 Application compliance detection method and device and electronic equipment

Publications (2)

Publication Number Publication Date
CN112214418A CN112214418A (en) 2021-01-12
CN112214418B true CN112214418B (en) 2021-03-02

Family

ID=74068091

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011399091.2A Active CN112214418B (en) 2020-12-04 2020-12-04 Application compliance detection method and device and electronic equipment

Country Status (1)

Country Link
CN (1) CN112214418B (en)

Families Citing this family (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN112749088B (en) * 2021-01-13 2023-02-17 挂号网(杭州)科技有限公司 Application program detection method and device, electronic equipment and storage medium
CN113779240A (en) * 2021-02-10 2021-12-10 北京沃东天骏信息技术有限公司 Information identification method, device, computer system and readable storage medium
CN113051613A (en) * 2021-03-15 2021-06-29 Oppo广东移动通信有限公司 Privacy policy detection method and device, electronic equipment and readable storage medium
CN113076538B (en) * 2021-04-02 2021-12-14 北京邮电大学 Method for extracting embedded privacy policy of mobile application APK file
CN113326536A (en) * 2021-06-02 2021-08-31 支付宝(杭州)信息技术有限公司 Method and device for judging compliance of application program
CN113254932B (en) * 2021-06-16 2024-02-27 百度在线网络技术(北京)有限公司 Application risk detection method and device, electronic equipment and medium
CN113688033A (en) * 2021-07-20 2021-11-23 荣耀终端有限公司 Privacy compliance detection method and computer readable storage medium
CN113849785B (en) * 2021-07-29 2024-01-30 国家计算机网络与信息安全管理中心 Mobile terminal information asset use behavior identification method for application program
CN113792341B (en) * 2021-09-15 2023-10-13 百度在线网络技术(北京)有限公司 Automatic detection method, device, equipment and medium for privacy compliance of application program
CN114218109A (en) * 2021-12-17 2022-03-22 建信金融科技有限责任公司 Application program compliance detection method, device and equipment
CN115049253A (en) * 2022-06-14 2022-09-13 广州图灵科技有限公司 Method and system for preventing and discovering campus credit occurrence
CN115757774B (en) * 2022-11-03 2024-09-24 中国电子技术标准化研究院 Industry field identification method and device, electronic equipment and storage medium

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103701769A (en) * 2013-11-07 2014-04-02 江南大学 Method and system for detecting hazardous network source
US9965624B2 (en) * 2014-02-12 2018-05-08 Mitsubishi Electric Corporation Log analysis device, unauthorized access auditing system, computer readable medium storing log analysis program, and log analysis method

Also Published As

Publication number Publication date
CN112214418A (en) 2021-01-12

Similar Documents

Publication Publication Date Title
CN112214418B (en) Application compliance detection method and device and electronic equipment
CN112199506B (en) Information detection method, device and equipment for application program
CN110334241B (en) Quality inspection method, device and equipment for customer service record and computer readable storage medium
CN108763952B (en) Data classification method and device and electronic equipment
CN110826006B (en) Abnormal collection behavior identification method and device based on privacy data protection
CN109684475B (en) Complaint processing method, complaint processing device, complaint processing equipment and storage medium
CN110263157B (en) Data risk prediction method, device and equipment
CN112416778B (en) Test case recommendation method and device and electronic equipment
CN112257114A (en) Application privacy compliance detection method, device, equipment and medium
CN108399482B (en) Contract evaluation method and device and electronic equipment
CN112256849B (en) Model training method, text detection method, device, equipment and storage medium
CN112184143A (en) Model training method, device and equipment in compliance audit rule
CN110334936B (en) Method, device and equipment for constructing credit qualification scoring model
CN116150349A (en) Data product security compliance checking method, device and server
CN113032834A (en) Database table processing method, device, equipment and storage medium
CN113434653A (en) Method, device and equipment for processing query statement and storage medium
CN109299276B (en) Method and device for converting text into word embedding and text classification
CN111444718A (en) Insurance product demand document processing method and device and electronic equipment
CN112215230B (en) Information auditing method and device and electronic equipment
CN111291551B (en) Text processing method and device, electronic equipment and computer readable storage medium
CN111985936A (en) Method, device and equipment for checking merchant certificate information
CN115564486A (en) Data pushing method, device, equipment and medium
CN114065762A (en) Text information processing method, device, medium and equipment
CN110019672A (en) A kind of method for pushing of similar case, system, storage medium and processor
CN118396786A (en) Contract document auditing method and device, electronic equipment and computer readable storage medium

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant
REG Reference to a national code

Ref country code: HK

Ref legal event code: DE

Ref document number: 40044738

Country of ref document: HK

TR01 Transfer of patent right

Effective date of registration: 20240920

Address after: Room 803, floor 8, No. 618 Wai Road, Huangpu District, Shanghai 200010

Patentee after: Ant blockchain Technology (Shanghai) Co.,Ltd.

Country or region after: China

Address before: 310000 801-11 section B, 8th floor, 556 Xixi Road, Xihu District, Hangzhou City, Zhejiang Province

Patentee before: Alipay (Hangzhou) Information Technology Co.,Ltd.

Country or region before: China

TR01 Transfer of patent right