
CN103279706B - Method and apparatus for intercepting the installation of an Android application program in a mobile terminal - Google Patents


Info

Publication number
CN103279706B
Authority
CN
China
Prior art keywords
application program
android
gray
mobile terminal
adb
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310226610.9A
Other languages
Chinese (zh)
Other versions
CN103279706A (en)
Inventor
熊昱之
潘剑锋
张聪
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing 360 Zhiling Technology Co ltd
Original Assignee
Beijing Qihoo Technology Co Ltd
Qizhi Software Beijing Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Qihoo Technology Co Ltd, Qizhi Software Beijing Co Ltd filed Critical Beijing Qihoo Technology Co Ltd
Priority to CN201310226610.9A priority Critical patent/CN103279706B/en
Publication of CN103279706A publication Critical patent/CN103279706A/en
Application granted granted Critical
Publication of CN103279706B publication Critical patent/CN103279706B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

The invention discloses a method and an apparatus for intercepting the installation of an Android application program in a mobile terminal. The method provided by an embodiment of the invention includes: monitoring, at the network driver layer, a predetermined port in a computer that is bound to the ADB tool; when a process in the computer is detected establishing a connection with the mobile terminal through the ADB tool, judging whether the process is a gray process; if the process is judged to be a gray process, then, on learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool, judging whether to allow that application program to install the Android application program in the mobile terminal; and, when the application program related to the gray process is not allowed to install the Android application program in the mobile terminal, intercepting the operation by which that application program installs the Android application program in the mobile terminal.

Description

Method and apparatus for intercepting the installation of an Android application program in a mobile terminal

Technical field

The invention relates to the field of Android application technology, and in particular to a method and an apparatus for intercepting the installation of an Android application program in a mobile terminal.

Background

Android is an open-source operating system based on Linux, used mainly on mobile terminals such as mobile phones. The Android platform consists of an operating system, middleware, a user interface and application software.

With the spread and development of smartphones, malicious mobile programs have become a new channel for viruses, and all kinds of APKs (Android Application Package File, the Android installation package file) have emerged, virus APKs among them. For example, some virus APKs harm users' interests through malicious behaviors such as subscribing to paid services by SMS, popping up nuisance advertisements, placing paid calls, and backing up sensitive data from the user's phone to a specific server; other malicious mobile programs may cause the user's phone to crash or shut down, delete data, send spam, or place calls. Advertising behavior means that an Android application displays preset advertising information on the mobile device as pictures or text while the user is using the application, or downloads it from the network and shows it on the user's display interface; it also includes embedding links in pictures or text to lead the user to click through. Privacy behaviors include operations in which an Android application reads or modifies information on the mobile device without the user's authorization, for example obtaining the phone number, or obtaining the details of the software installed on the phone and sending them to its server to compile statistics on the user.

An Android device needs the ADB (Android Debug Bridge) driver when it is connected to a computer, and Android programs can be debugged through ADB. ADB can be used to operate and manage an Android emulator or a real Android device (such as a mobile phone) directly.

The Android system itself has no interception mechanism. Before a malicious program is installed it only informs the user that the program may access certain services; it makes no judgment about whether the application is malicious. When the user connects an Android device to a computer through ADB, a third-party program may monitor the USB interface without the user's permission and, as soon as it finds an Android device, use ADB to install advertisements on the device to promote applications, or to install malicious applications on it. As a result, merely by being connected to a computer, an Android device often ends up with advertising and promotion applications or other malicious applications installed. Because the installed programs need not appear in the Android system's application list, the user is unaware that they have been installed, yet receives large amounts of advertising and other nuisance messages when opening the phone to visit web pages or use applications. This troubles and inconveniences the user and creates a hidden danger to the security of the user's information.

Summary of the invention

In view of the above problems, the present invention is proposed to provide a method and an apparatus for intercepting the installation of an Android application program in a mobile terminal that overcome the above problems or at least partially solve them.

According to one aspect of the present invention, an embodiment of the invention provides a method for intercepting the installation of an Android application program in a mobile terminal, including:

monitoring, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool;

when a process in the computer is detected establishing a connection with the mobile terminal through the ADB tool, judging whether the process is a gray process;

if the process is judged to be a gray process, then, on learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool, judging whether to allow the application program related to the gray process to install the Android application program in the mobile terminal;

when the application program related to the gray process is not allowed to install the Android application program in the mobile terminal, intercepting the operation by which the application program related to the gray process installs the Android application program in the mobile terminal.

The method further includes: when a process in the computer is detected establishing a connection with the mobile terminal through the ADB tool, if the process is judged to be a white process on the whitelist, allowing all operations that the application program related to the white process performs on the mobile terminal;

if the process is judged to be a black process on the blacklist, immediately intercepting the application program related to the black process, prohibiting it from performing any operation on the mobile terminal, and showing in a pop-up box in the user interface that the application program related to the black process was intercepted successfully.

Before judging whether the process is a gray process, the method further includes: judging whether the process is one that supports the ADB protocol; if so, continuing with the judgment of whether the process is a gray process; otherwise, allowing the process to run.

Judging whether the process supports the ADB protocol includes judging whether the format and the data content of the data packets that the process sends to the predetermined port conform to the ADB protocol. If they do, the process is one that supports the ADB protocol; if they do not, it is not.

On learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool, judging whether to allow the installation includes: when the gray process is detected sending an installation instruction for an Android application program to the predetermined port, learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool; when the gray process is detected sending an Android installation package (APK) file to the predetermined port, obtaining the APK file and scanning it; when the scan result indicates that the APK file is safe, judging that the application program related to the gray process is allowed to install the Android application program in the mobile terminal, and otherwise judging that it is not allowed to do so.

Scanning the APK file includes: extracting the APK file's package name, version number, digital signature, features of its Android receiver components, features of its Android service components, features of its Android activity components, the instructions in its executable files and/or the MD5 (Message Digest Algorithm 5) value of each file in the APK directory; sending the extracted information to a server side that holds a security identification library, so that the server side scans the APK file's information against the feature information in the security identification library; and receiving the scan result for the APK file that the server side sends back.
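An added example of the extraction-and-lookup step above (not code from the patent), narrowed to two of the listed features: the MD5 of every file in the APK and the digests of its v1 signature block files under META-INF. The sample APK, the `known_bad_md5` set standing in for the server's security identification library, and all function names are constructed for illustration.

```python
import hashlib
import io
import json
import zipfile

SIG_SUFFIXES = (".RSA", ".DSA", ".EC")  # v1 (JAR) signature block files
MAX_ENTRY = 64 * 1024 * 1024            # refuse to inflate larger entries


def extract_features(apk_bytes):
    """Client side: per-file MD5 map plus signature-block digests, or None."""
    features = {"files": {}, "signature_blocks": {}}
    try:
        with zipfile.ZipFile(io.BytesIO(apk_bytes)) as archive:
            for info in archive.infolist():
                if info.is_dir():
                    continue
                if info.file_size > MAX_ENTRY:
                    return None  # oversized entry: treat as unscannable
                digest = hashlib.md5(archive.read(info)).hexdigest()
                features["files"][info.filename] = digest
                name = info.filename.upper()
                if name.startswith("META-INF/") and name.endswith(SIG_SUFFIXES):
                    features["signature_blocks"][info.filename] = digest
    except zipfile.BadZipFile:
        return None  # not a readable ZIP container, so not a valid APK
    return features


def to_payload(features):
    """Serialize the extracted information for upload to the scanning server."""
    return json.dumps(features, sort_keys=True)


def server_scan(payload, known_bad_md5):
    """Server-side stand-in: match uploaded digests against the library."""
    features = json.loads(payload)
    if features is None:
        return {"verdict": "unsafe", "hits": []}  # unscannable is never "safe"
    hits = sorted(n for n, d in features["files"].items() if d in known_bad_md5)
    return {"verdict": "unsafe" if hits else "safe", "hits": hits}


def build_sample_apk(dex_payload):
    """Build a constructed, minimal APK-shaped ZIP in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"constructed manifest")
        z.writestr("classes.dex", dex_payload)
        z.writestr("META-INF/CERT.RSA", b"constructed signature block")
    return buf.getvalue()


if __name__ == "__main__":
    library = {hashlib.md5(b"flagged dex").hexdigest()}  # constructed entry
    for dex in (b"benign dex", b"flagged dex"):
        payload = to_payload(extract_features(build_sample_apk(dex)))
        print(dex, server_scan(payload, library))
```

Only digests leave the client in this sketch; the APK bytes themselves stay on the computer that captured them.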

On learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool, judging whether to allow the installation includes: showing prompt information in a pop-up box in the user interface, the prompt information including the icon, name and description of the application program related to the gray process, an indication of whether it is an advertising program or a malicious program, and/or handling information; receiving the selection instruction that the user sends through the pop-up box; when the selection instruction indicates that the application program related to the gray process is allowed, judging that it is allowed to install the Android application program in the mobile terminal; and when the selection instruction indicates that the application program related to the gray process is prohibited, judging that it is prohibited from installing the Android application program in the mobile terminal.

Intercepting the operation by which the application program related to the gray process installs the Android application program in the mobile terminal includes: breaking the connection between the gray process and the predetermined port, and prohibiting APK files from the gray process from being sent to the mobile terminal through the predetermined port.

According to another aspect of the present invention, an embodiment of the invention provides an apparatus for intercepting the installation of an Android application program in a mobile terminal, including:

a port monitor, adapted to monitor, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool;

a judger, adapted to judge whether a process is a gray process when that process in the computer is detected establishing a connection with the mobile terminal through the ADB tool; and, if the process is judged to be a gray process, to judge, on learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool, whether to allow the application program related to the gray process to install the Android application program in the mobile terminal;

an interceptor, adapted to intercept the operation by which the application program related to the gray process installs the Android application program in the mobile terminal when that application program is not allowed to do so.

When a process in the computer is detected establishing a connection with the mobile terminal through the ADB tool and the judger judges the process to be a white process on the whitelist, the interceptor is further adapted to allow all operations that the application program related to the white process performs on the mobile terminal; and

when a process in the computer is detected establishing a connection with the mobile terminal through the ADB tool and the judger judges the process to be a black process on the blacklist, the interceptor is further adapted to intercept the application program related to the black process, prohibit it from performing any operation on the mobile terminal, and show in a pop-up box in the user interface that the application program related to the black process was intercepted successfully.

The judger is further adapted, before judging whether the process is a gray process, to judge whether the process is one that supports the ADB protocol; if so, it continues with the judgment of whether the process is a gray process; otherwise, the process is allowed to run.

The judger is adapted to judge whether the format and the data content of the data packets that the process sends to the predetermined port conform to the ADB protocol. If they do, the process is one that supports the ADB protocol; if they do not, it is not.

The judger is adapted, when the gray process is detected sending an installation instruction for an Android application program to the predetermined port, to learn that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool; and, when the gray process is detected sending an Android installation package (APK) file to the predetermined port, to obtain the APK file and scan it. When the scan result indicates that the APK file is safe, the judger judges that the application program related to the gray process is allowed to install the Android application program in the mobile terminal; otherwise it judges that this is not allowed.

The judger is adapted to obtain the scan result as follows: extracting the APK file's package name, version number, digital signature, features of its Android receiver components, features of its Android service components, features of its Android activity components, the instructions in its executable files and/or the MD5 value of each file in the APK directory; sending the extracted information to a server side that holds a security identification library, so that the server side scans the APK file's information against the feature information in the security identification library; and receiving the scan result for the APK file that the server side sends back.

The judger is adapted to show prompt information in a pop-up box in the user interface, the prompt information including the icon, name and description of the application program related to the gray process, an indication of whether it is an advertising program or a malicious program, and/or handling information; to receive the selection instruction that the user sends through the pop-up box; when the selection instruction indicates that the application program related to the gray process is allowed, to judge that it is allowed to install the Android application program in the mobile terminal; and when the selection instruction indicates that the application program related to the gray process is prohibited, to judge that it is prohibited from installing the Android application program in the mobile terminal.

The interceptor is adapted to break the connection between the gray process and the predetermined port, and to prohibit APK files from the gray process from being sent to the mobile terminal through the predetermined port.

As described above, the embodiment of the invention monitors the predetermined port bound to the ADB tool, thereby learns of every process that establishes a connection with the ADB tool, picks out the gray processes among them, and judges whether the application program related to each gray process has permission to install an Android application program in the mobile terminal. This solves the problem in the prior art of third-party programs installing applications in mobile terminals at will. Third-party programs that use the ADB tool to interact with Android can be monitored effectively, and their permissions are controlled through the process type and the judgment logic, which safeguards the information in the mobile terminal and is convenient for the user.

The above is only an overview of the technical solution of the present invention. So that the technical means of the invention can be understood more clearly and implemented according to the content of the description, and so that the above and other objects, features and advantages of the invention are more readily apparent, specific embodiments of the invention are set out below.

Brief description of the drawings

Various other advantages and benefits will become clear to those of ordinary skill in the art on reading the detailed description of the preferred embodiments below. The drawings serve only to illustrate the preferred embodiments and are not to be regarded as limiting the invention. Throughout the drawings, the same reference symbols denote the same components. In the drawings:

Fig. 1 shows a flowchart of a method for intercepting the installation of an Android application program in a mobile terminal according to one embodiment of the present invention;

Fig. 2 shows a flowchart of a method for intercepting the installation of an Android application program in a mobile terminal according to another embodiment of the present invention;

Fig. 3 shows a schematic diagram of the interaction flow when a process uses the ADB tool to install an Android application program in a mobile terminal according to another embodiment of the present invention; and

Fig. 4 shows a schematic structural diagram of an apparatus for intercepting the installation of an Android application program in a mobile terminal according to yet another embodiment of the present invention.

Detailed description

Exemplary embodiments of the present disclosure are described in more detail below with reference to the accompanying drawings. Although the drawings show exemplary embodiments of the disclosure, it should be understood that the disclosure can be implemented in various forms and should not be limited by the embodiments set out here. Rather, these embodiments are provided so that the disclosure can be understood more thoroughly and its scope conveyed completely to those skilled in the art.

One embodiment of the present invention provides a method for intercepting the installation of an Android application program in a mobile terminal. Referring to Fig. 1, the method includes:

S100: Monitor, at the network driver layer, the predetermined port in the computer that is bound to the ADB (Android Debug Bridge) tool.

In this embodiment, the interception of the operation that installs an Android application program in the mobile terminal is carried out in the network driver layer. The network driver layer is an upper-layer driver: an auxiliary intermediate layer through which winsock (Windows Sockets) calls are forwarded to the kernel protocol driver. A driver at this layer can monitor all local and remote winsock calls without distinction, and can also monitor the underlying network protocol drivers.

The predetermined port in the computer may be 127.0.0.1:5037 (port 5037), to which the ADB tool is bound.

S102: When a process in the computer is detected establishing a connection with the mobile terminal through the ADB tool, judge whether the process is a gray process.

This embodiment is described taking as an example a mobile terminal that is an Android device (such as an Android phone or another terminal that supports the Android system).

A gray process is an unknown process that is on neither the whitelist nor the blacklist. When a detected process is a gray process, it has to be monitored further to confirm whether the application program related to it is allowed to install an Android application program in the Android device.

In this embodiment a whitelist and a blacklist are maintained in a database on the server. The whitelist records safe processes and the blacklist records dangerous processes. When a process is on the whitelist, all subsequent operations of that white process are allowed and it is no longer monitored. When a process is on the blacklist, it is intercepted as soon as it is detected.

It should be noted that this embodiment describes the scheme for intercepting the installation of an Android application program in a mobile terminal (Android device) at the level of processes. An application program is static, whereas a process is dynamic: a process is a program in execution, that is, a running instance of a program in the computer, which can be assigned to a processor and executed by it as an entity. A process yields the processing result of the application program. One run of an application program on one data set is one process. Processes and application programs do not correspond one to one: an application program running on several different data sets forms several different processes. A process comes into being when it is created, runs as the application program is scheduled, and is destroyed once it has completed its task. A process reflects the whole dynamic course of an application program running on a given data set. The application program related to a process means the application program running in that process.

S104: On learning that the application program related to the gray process is about to install an Android application program on the mobile terminal through the ADB tool, judge whether to allow the application program related to the gray process to install the Android application program in the mobile terminal.

An application program related to a process can use the ADB tool to perform many kinds of operations, for example enumerating the Android devices connected to the current system, establishing a connection with an Android device, reading and writing files and directories on the Android device, installing an APK file on the Android device, executing shell commands on the Android device, and so on. This scheme is concerned mainly with the function of installing APK files over the ADB protocol, so in this step the logic that decides on interception starts when it is learned that the application program related to the gray process is about to install an Android application program on the Android device through the ADB tool.

S106: When the application program related to the gray process is not allowed to install the Android application program in the mobile terminal, intercept the operation by which the application program related to the gray process installs the Android application program in the mobile terminal.
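Steps S100 to S106, together with the ADB-protocol check described in the summary, as an added Python example that is not code from the patent. It parses the client-to-server bytes of connections to port 5037 using the publicly documented ADB host framing (4 hex digits of length plus a service string, then binary sync packets after `sync:`) and returns allow, block or monitor; the process names, sample streams, install-command patterns and the `scan` callback are constructed assumptions.

```python
import re
import struct

# Subset of ADB service prefixes accepted as valid request content (assumption).
SERVICE_RE = re.compile(rb"(host(-serial|-usb|-local)?:|shell[:,]|exec:|sync:)")
SYNC_IDS = {b"SEND", b"DATA", b"DONE", b"QUIT", b"STAT", b"LIST", b"RECV"}
# Assumed install command forms: "pm install ..." and "cmd package install ...".
INSTALL_RE = re.compile(rb"\b(pm|cmd\s+package)\b.*\binstall", re.S)


def parse_client_stream(data):
    """Parse the client-to-server bytes of one connection to the ADB port.

    Returns (is_adb, events). A request is 4 hex digits of length plus a
    service string; after "sync:" the stream carries binary sync packets
    (4-byte id, 4-byte little-endian length, payload). Parsing stops at the
    first malformed or truncated frame.
    """
    events, pos, in_sync = [], 0, False
    while pos < len(data):
        if not in_sync:
            header = data[pos:pos + 4]
            if not re.fullmatch(rb"[0-9a-fA-F]{4}", header):
                break
            end = pos + 4 + int(header, 16)
            service = data[pos + 4:end]
            if end > len(data) or not SERVICE_RE.match(service):
                break
            events.append(("request", service))
            in_sync, pos = service == b"sync:", end
            continue
        tag = data[pos:pos + 4]
        if pos + 8 > len(data) or tag not in SYNC_IDS:
            break
        (length,) = struct.unpack_from("<I", data, pos + 4)
        pos += 8
        if tag in (b"DONE", b"QUIT"):  # length field is an mtime / zero
            length = 0
        if pos + length > len(data):
            break
        events.append((tag.decode(), data[pos:pos + length]))
        pos += length
        if tag == b"QUIT":
            break
    return bool(events), events


def install_evidence(events):
    """Return (install_intent, apk_bytes) for one connection's events."""
    intent, apk, capturing = False, b"", False
    for kind, body in events:
        if kind == "request" and body.startswith((b"shell", b"exec:")):
            intent = intent or bool(INSTALL_RE.search(body))
        elif kind == "SEND":  # body is b"<remote path>,<mode>"
            capturing = body.rsplit(b",", 1)[0].lower().endswith(b".apk")
            intent = intent or capturing
        elif kind == "DATA" and capturing:
            apk += body
        elif kind == "DONE":
            capturing = False
    return intent, apk


def decide(process, streams, whitelist, blacklist, scan):
    """Apply S100-S106 to one process; returns 'allow', 'block' or 'monitor'."""
    parsed = [parse_client_stream(s) for s in streams]
    if not any(is_adb for is_adb, _ in parsed):
        return "allow"    # not an ADB-protocol process: left to run
    if process in whitelist:
        return "allow"    # white process: every operation permitted
    if process in blacklist:
        return "block"    # black process: intercepted immediately
    intent, apk = False, b""
    for _, events in parsed:  # gray process: look for an install attempt
        seen, data = install_evidence(events)
        intent, apk = intent or seen, apk + data
    if not intent:
        return "monitor"
    # Fail closed: only a captured APK with a "safe" scan result is allowed.
    return "allow" if apk and scan(apk) == "safe" else "block"


def req(service):  # frame one host request (helper for the constructed samples)
    return b"%04x" % len(service) + service


def sync(tag, body=b""):  # frame one sync packet
    return tag + struct.pack("<I", len(body)) + body


# Constructed sample traffic: an APK push and the install command that follows.
APK = b"PK\x03\x04 constructed apk bytes"
PUSH = (req(b"host:transport:SERIAL0001") + req(b"sync:")
        + sync(b"SEND", b"/data/local/tmp/demo.apk,33188") + sync(b"DATA", APK)
        + sync(b"DONE") + sync(b"QUIT"))
INSTALL = (req(b"host:transport:SERIAL0001")
           + req(b"shell:pm install /data/local/tmp/demo.apk"))
```

The patent does not say how list entries identify a process; a bare name is used here only to keep the sample short.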

由上所述,本发明实施例在PC端设备例如电脑与安卓设备连接传输时,保护安卓设备不被强制安装广告软件或恶意软件。本方案不仅能够拦截到恶意骚扰程序,也可以拦截到任何通过ADB工具获得在手机上安装应用程序的权限的恶意程序。As mentioned above, the embodiment of the present invention protects the Android device from being forced to install adware or malicious software when a PC terminal device such as a computer is connected to the Android device for transmission. This solution can not only intercept malicious harassing programs, but also intercept any malicious programs that obtain permission to install applications on mobile phones through the ADB tool.

The existing Android system cannot check third-party applications that use the ADB tool to install Android applications on a mobile phone, and the ADB tool can obtain all the permissions of an Android application, including executing shell commands, so that once the phone is connected to a computer, viruses spread easily to the phone. To solve this problem, this embodiment monitors the predetermined port bound to the ADB tool, learns of all processes that establish a connection with the ADB tool, screens out the gray processes among them, and judges whether the applications related to the gray processes are permitted to install Android applications on the Android device. This technical means solves the problems caused in the prior art by third-party programs installing applications on Android devices at will, makes it possible to monitor effectively the third-party programs that interact with Android through the ADB tool, and controls the permissions of third-party programs through the process type and the judgment logic, thereby ensuring the security of the information in the mobile terminal and making it convenient for users.

On the basis of the embodiment shown in Figure 1, another embodiment of the present invention provides a method for intercepting the installation of an Android application on a mobile terminal. Referring to Figure 2, the method includes the following steps:

S200: Monitor port 5037, which is bound to the ADB tool.

In this step, a background program monitors the data packets passing through port 5037. These packets may be packets that carry instructions or packets that carry payload data.

The above monitoring can be implemented by the ADB tool or by a component provided in the ADB tool.

The functions of the ADB tool mainly include: running commands on an Android device, managing the port mapping of an Android emulator or Android device, controlling the upload or download of files between the computer and the Android device, and installing a local APK file on an Android emulator or Android device. The ADB tool acts as a relay between the computer and the Android device.

The ADB tool is implemented on a client-server model and consists of three parts: the ADB client, the ADB server and the daemon.

The ADB client runs on the development computer. It can be invoked by running ADB commands on the command line, and Android tools such as the ADB plug-in and DDMS can also invoke the ADB client.

The ADB server is a background process running on the development computer. It manages the devices and is responsible for the data exchange between the computer and the devices.

The ADB client and the ADB server can reside in the same executable file, for example the executable named adb.exe on Windows. The ADB client is responsible for interacting with the user and exits after the command has been executed, whereas the ADB server keeps running on the computer once it has been started.

The daemon is a process running in the Android system. It receives the data sent by the ADB server and executes the instructions.

When the ADB client is started, it first checks whether the ADB server process is running and, if it is not, starts the ADB server. When the ADB server starts, it binds to local TCP port 5037 and listens for commands sent by ADB clients. All ADB clients use port 5037 to communicate with the ADB server.

S202: It is detected that a process on the computer establishes a connection with the Android device through the ADB tool.

Through the predetermined port, the ADB tool can operate an Android phone, install applications on the phone, synchronize the phone, upload files and so on. A third-party program can communicate with the Android device by bundling an ADB tool and sending commands to the device.

The ADB tool includes the ADB client and the ADB server. The ADB server runs in the background at all times and is responsible for communicating with the Android device; an APK file can be passed to the ADB server over the network and then installed on the mobile terminal through this relay. The ADB client is responsible for connecting third-party programs to the predetermined port, and the ADB communication protocol is provided in the local network layer to support the ADB tool's communication. For example, a mobile phone assistant is equivalent to an ADB server: once other applications have connected to the assistant, they may also use the assistant's service to install applications on the Android device.

A third-party program establishes a socket connection with port 5037 through the ADB client, and then connects to the Android device through that socket connection and the ADB server. For example, when an application is installed on the phone, the ADB client passes the application's installation package to the ADB server, and the ADB server installs the application on the phone.

S204: Determine whether the process is a process that supports the ADB protocol; if so, execute step S206.

Besides the packets exchanged with the Android device, the packets transmitted through port 5037 also include other types of packets. To avoid intercepting other, normal programs and to keep them running normally, this embodiment determines whether the monitored process uses the ADB protocol. If it does, the process is one that will communicate with the Android device, and monitoring of the process continues. If it does not, the process is some other process that does not communicate with the Android device; it is no longer monitored and is allowed to run.

The operations supported by the ADB protocol include using ADB to enumerate the Android devices connected to the current system, establishing a connection with an Android device, reading and writing files and directories on the Android device, installing APK files on the Android device, executing shell commands on the Android device, and so on.

To determine whether the process supports the ADB protocol, it can be checked whether the format and data content of the packets that the process sends to the predetermined port (port 5037) conform to the ADB protocol. If they do, the process is a process that supports the ADB protocol; if they do not, it is not. For example, when the format of a packet meets the format requirements of the ADB protocol and its data content indicates that the packet is based on the ADB protocol, the process is confirmed to be a process that supports the ADB protocol.

S206: Determine the type of the process.

This embodiment collects and compiles information about processes in advance, and maintains and stores a whitelist and a blacklist of processes.

The whitelist records safe processes and the blacklist records dangerous processes. A process on the whitelist is a white process, a process on the blacklist is a black process, and every unknown process that is on neither list is a gray process. In addition, this embodiment can collect program behaviors through the client and associate them with program features, so that the program features and their corresponding program behaviors are recorded in a database. Based on the association between the collected program behaviors and program features, the samples in the database can be analyzed and summarized, which helps to decide whether a piece of software or a program belongs on the blacklist or the whitelist. Because the database records the program features and the behavior records corresponding to each feature, unknown programs can be analyzed against the known whitelist. For example, if an unknown program feature is identical to a known program feature on the existing whitelist, both the unknown program feature and its program behavior are added to the whitelist. If an unknown program behavior is identical or similar to a known program behavior on the existing whitelist, both the unknown program behavior and its program feature are added to the whitelist.

When the process is a white process (for example a process invoked by 360 Mobile Assistant, 91 Mobile Assistant or Wandoujia), the application related to the process is confirmed to be trusted and the process is allowed to run.

When the process is a black process (for example a process invoked by an application that maliciously promotes APKs), the application related to the process is confirmed to be untrusted. As soon as the type of the process has been determined, the process is intercepted (for example by disconnecting it from port 5037), the application related to the process is prohibited from performing any operation on the Android device (such as enumerating the Android devices connected to the system), and a message reporting the successful interception is sent to the user, for example by showing in a pop-up box of the user interface that the application related to the black process was intercepted.

When the process is a gray process, proceed to step S208 and continue to monitor the gray process.

S208: Determine whether to allow the application related to the gray process to install an Android application on the Android device.

This solution mainly concerns the scenario in which a third-party program uses the ADB protocol to install an application on an Android device. When the gray process performs other operations, such as enumeration or reading and writing directories on the Android device, those operations can be allowed.

To explain this solution more clearly, the scenario in which an application related to a process uses the ADB tool to install an Android application on an Android device is first described with reference to Figure 3, which is a schematic diagram of the interaction flow when a process installs an Android application on an Android device through the ADB tool. The process establishes a socket connection with port 5037 through the ADB client and sends the various instructions and data to port 5037 over that connection; the ADB server then sends the instructions and data to the Android device. Installing an APK file mainly involves the following operations:

1) The process sends an install instruction to the Android device through the ADB client and the ADB server.

The install instruction indicates that the process is about to install an Android application on the Android device.

2) The process sends a Sync (synchronous) instruction to the Android device through the ADB client and the ADB server, indicating entry into the synchronization state.

3) The process sends a SEND instruction to the Android device through the ADB client and the ADB server, specifying the storage path of the APK file.

4) The process sends a DATA instruction to the Android device through the ADB client and the ADB server, thereby sending the APK file to be installed to the Android device.

5) The process sends a pm shell command to the Android device through the ADB client and the ADB server, starting the installation of the APK file on the Android device.

After the APK file has been installed, the following step 6) may also be included.

6) The process sends an rm shell command to the Android device through the ADB client and the ADB server, deleting the APK file and other data uploaded during the installation.

This step is triggered when it is learned that the application related to the gray process is about to install an Android application on the Android device through the ADB tool. When it is detected that the gray process calls the install function of the ADB tool to send the install instruction of an Android application to the predetermined port, it is learned that the application related to the gray process is about to install an Android application on the Android device through the ADB tool. After sending the install instruction, the gray process also sends the Sync (synchronous) instruction, the SEND instruction and so on to the predetermined port through the ADB tool, and then sends to the predetermined port the DATA instruction carrying the APK file. When it is detected that the gray process sends an Android installation package (APK file) to the predetermined port, the APK file is obtained and scanned to check whether it contains malicious content such as code for malicious fee deduction, malicious harassment or privacy theft. If there is no malicious content, the scan result is that the APK file is safe; otherwise the scan result is that the APK file is dangerous.

When the scan result indicates that the APK file is safe, it is judged that the application related to the gray process is allowed to install the Android application on the Android device; otherwise, it is judged that the application related to the gray process is not allowed to install the Android application on the Android device.
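The format check of step S204 and the install sequence monitored in step S208, as an added example (not code from the patent): it assumes the adb host wire format documented in AOSP, namely a 4-hex-digit ASCII length prefix before each service string and 8-byte sync headers (4-byte ID plus little-endian 32-bit argument), and it parses only the client-to-server direction. The helper names and the sample byte streams are constructed for illustration.

```python
import struct

HEX = b"0123456789abcdefABCDEF"

class NotAdb(ValueError):
    """Bytes seen on port 5037 do not follow the adb host framing."""

def read_request(buf, pos):
    """One host request: 4 ASCII hex digits (payload length), then the payload."""
    head = buf[pos:pos + 4]
    if len(head) < 4 or any(c not in HEX for c in head):
        raise NotAdb("bad length prefix")
    end = pos + 4 + int(head.decode("ascii"), 16)
    if end > len(buf):
        raise NotAdb("truncated payload")
    return buf[pos + 4:end].decode("utf-8", "replace"), end

def read_sync(buf, pos, pushed):
    """Sync mode: 4-byte ID + little-endian u32, then an optional body."""
    path, chunks = None, []
    while pos < len(buf):
        if len(buf) - pos < 8:
            raise NotAdb("truncated sync header")
        ident, arg = struct.unpack_from("<4sI", buf, pos)
        pos += 8
        if ident in (b"SEND", b"DATA"):
            if pos + arg > len(buf):
                raise NotAdb("truncated sync body")
            body, pos = buf[pos:pos + arg], pos + arg
            if ident == b"SEND":          # body is "remote_path,mode"
                path = body.decode("utf-8", "replace").rsplit(",", 1)[0]
                chunks = []
            else:                         # DATA: one chunk of the file
                chunks.append(body)
        elif ident == b"DONE":            # arg carries the file mtime
            if path is not None:
                pushed[path] = b"".join(chunks)
            path, chunks = None, []
        elif ident == b"QUIT":
            return pos
        else:
            raise NotAdb("unknown sync id %r" % ident)
    return pos

def walk(buf):
    """Parse one client-to-server stream; return (services, pushed_files)."""
    services, pushed, pos = [], {}, 0
    while pos < len(buf):
        service, pos = read_request(buf, pos)
        services.append(service)
        if service == "sync:":
            pos = read_sync(buf, pos, pushed)
    return services, pushed

def is_adb(buf):
    """S204: does this stream conform to the ADB framing at all?"""
    try:
        return bool(walk(buf)[0])
    except NotAdb:
        return False

def classify(service):
    """Map a service string to the operation types the page lists."""
    if service.startswith("host:devices"):
        return "enumerate"
    if service.startswith("host:transport"):
        return "connect"
    if service == "sync:":
        return "file-transfer"
    if service.startswith("shell:"):
        words = service[len("shell:"):].split()
        return "install" if words[:2] == ["pm", "install"] else "shell"
    return "other"

def find_installs(connections):
    """Return (remote_path, apk_bytes) for each pm install seen across streams."""
    pushed, installs = {}, []
    for buf in connections:
        try:
            services, files = walk(buf)
        except NotAdb:
            continue                      # not ADB traffic: leave it alone
        pushed.update(files)
        for service in services:
            if classify(service) == "install":
                path = service.split()[-1]
                installs.append((path, pushed.get(path)))
    return installs

# --- constructed sample traffic (client -> server direction only) ---
def req(service):
    raw = service.encode()
    return b"%04x" % len(raw) + raw

def sync(ident, arg, body=b""):
    return struct.pack("<4sI", ident, arg) + body

APK = b"PK\x03\x04" + b"constructed-apk-bytes" * 3
SPEC = b"/data/local/tmp/demo.apk,33188"          # 33188 == 0o100644
PUSH = (req("host:transport-any") + req("sync:") + sync(b"SEND", len(SPEC), SPEC)
        + sync(b"DATA", 16, APK[:16]) + sync(b"DATA", len(APK) - 16, APK[16:])
        + sync(b"DONE", 1370000000) + sync(b"QUIT", 0))
INSTALL = req("host:transport-any") + req("shell:pm install /data/local/tmp/demo.apk")
LIST = req("host:devices")
NOT_ADB = b"GET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    print(find_installs([LIST, NOT_ADB, PUSH, INSTALL]))
```

The reassembled `apk_bytes` is what the scanning step receives; a `None` in its place means the install referenced a path that was not pushed over a monitored stream.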

The scan of the APK file is performed as follows:

Extract various items of information from the APK file, including but not limited to the installation package name, the version number, the digital signature, the features of the Android receiver components, the features of the Android service components, the features of the Android activity components, the instructions (or strings) in the executable files and/or the MD5 value of each file in the APK directory. Then send the extracted information to the server side, which is provided with a security identification library, so that the server side scans the information of the APK file using the feature information in the security identification library. Finally, receive the scan result for the APK file returned by the server side, thereby learning the scan result, the package name, the certificate and other information.

Preferably, the security identification library may be a cloud-based scanning engine.

The executable files include Dex files and/or ELF files, and the Dex files include the classes.dex file, files with the .jar extension, and files in Dex format.

It should be noted that before scanning in the above manner, this embodiment needs to collect information about APK files in advance. For example, sample Android installation packages are selected, covering installation packages at various security levels. For each sample package, the package name, the version number, the digital signature, the features of the Android receiver components, the features of the Android service components, the features of the Android activity components, the instructions or strings in the executable files, and the MD5 value of each file in the installation package directory are collected, and the collected information is preset in the security identification library on the server side.

The security identification library preset on the server side holds both the feature information that identifies the APK files of viruses, Trojans and other malicious software and the feature information that identifies the APK files of normal applications. If any one item of the APK file's information hits the feature information of malicious software, the resulting scan result indicates that the APK file is not safe.

Further, this embodiment also lets the user decide about the installation of the Android application: after the above judgment logic has determined whether the application related to the process is allowed to install the Android application on the Android device, the final decision is made in combination with the user's choice. When it is confirmed under the above judgment logic that the application related to the gray process is allowed to install the Android application on the Android device (or in other scenarios in which installation on the Android device is allowed, such as a white process), the method further includes:

Display prompt information in a pop-up box of the user interface. The prompt information includes the icon, name and description of the application related to the gray process, an indication of whether it is an advertising program or a malicious program, and/or handling information, which may include the recommended way of handling the application. Then receive the selection instruction that the user sends through the pop-up box. When the selection instruction indicates that the application related to the gray process is allowed, it is finally judged that the application related to the gray process is allowed to install the Android application on the Android device, and the installation of the Android application is carried out. When the selection instruction indicates that the application related to the gray process is prohibited, it is judged that the application related to the gray process is prohibited from installing the Android application on the Android device, and the installation of the Android application is not carried out.

S210: Intercept the operation by which the application related to the gray process installs the Android application on the Android device.

In the interception mechanism of this solution, the connection between the gray process and port 5037 is interrupted, for example by controlling the ADB client to disconnect from the gray process, and the APK file from the gray process is prohibited from being sent to the Android device through port 5037, for example by controlling the ADB server so that it does not send the gray process's APK file to the Android device.
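The decision flow of steps S206 to S210, as an added example (not the patent's implementation): the process identifiers, list contents, signature library and APKs are all constructed, the server-side security identification library is modeled as a local function, and only the per-file MD5 and Dex-string features from the page's list are extracted. Treating an unreadable APK as dangerous is an assumption of this example.

```python
import hashlib
import io
import re
import zipfile

# Constructed lists and signature library (placeholders, not real indicators).
WHITE = {"trusted-assistant"}
BLACK = {"apk-promoter"}
BAD_MD5 = {hashlib.md5(b"constructed malicious payload").hexdigest()}
BAD_STRINGS = {b"constructed_premium_sms_sender"}

def extract_features(apk_bytes):
    """Client side: MD5 of every file in the APK, printable strings of Dex/jar files."""
    md5s, strings = {}, set()
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            data = apk.read(info)
            md5s[info.filename] = hashlib.md5(data).hexdigest()
            if info.filename.endswith((".dex", ".jar")):
                strings.update(re.findall(rb"[\x20-\x7e]{6,}", data))
    return {"md5": md5s, "strings": strings}

def server_scan(features):
    """Server side: a single hit against the malware features makes the APK dangerous."""
    if BAD_MD5 & set(features["md5"].values()):
        return "dangerous"
    if any(sig in s for sig in BAD_STRINGS for s in features["strings"]):
        return "dangerous"
    return "safe"

def decide(proc_id, apk_bytes, user_allows=lambda proc_id: True):
    """Return (action, reason) for an install attempt observed on port 5037."""
    if proc_id in WHITE:                       # S206: white process, everything allowed
        return "allow", "white process"
    if proc_id in BLACK:                       # S206: black process, cut off at once
        return "disconnect", "black process"
    try:                                       # S208: gray process, scan the APK
        verdict = server_scan(extract_features(apk_bytes))
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        verdict = "dangerous"                  # assumption: fail closed on unreadable APKs
    if verdict != "safe":
        return "block-install", "scan result: dangerous"   # S210
    if not user_allows(proc_id):               # pop-up choice has the final say
        return "block-install", "user declined"
    return "allow", "scan result: safe, user accepted"

def make_apk(files):
    """Build a constructed APK (a zip archive) in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as apk:
        for name, data in files.items():
            apk.writestr(name, data)
    return buf.getvalue()

CLEAN = make_apk({"AndroidManifest.xml": b"<constructed/>",
                  "classes.dex": b"dex\n035\x00hello world demo"})
BAD_HASH = make_apk({"assets/payload.bin": b"constructed malicious payload"})
BAD_DEX = make_apk({"classes.dex": b"dex\n035\x00xx constructed_premium_sms_sender()"})

if __name__ == "__main__":
    for proc, apk in [("trusted-assistant", CLEAN), ("apk-promoter", CLEAN),
                      ("unknown-tool", CLEAN), ("unknown-tool", BAD_HASH),
                      ("unknown-tool", BAD_DEX), ("unknown-tool", b"not a zip")]:
        print(proc, decide(proc, apk))
```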

Yet another embodiment of the present invention provides an apparatus 400 for intercepting the installation of an Android application on a mobile terminal. Referring to Figure 4, it includes a port monitor 410, a determiner 412 and an interceptor 414.

The port monitor 410 is adapted to monitor, at the network driver layer, the predetermined port on the computer that is bound to the Android Debug Bridge (ADB) tool. The predetermined port is 127.0.0.1:5037 (port 5037). Referring to Figure 4, the ADB tool includes the ADB client and the ADB server. The process of a third-party application establishes a socket connection with port 5037 through the ADB client, port 5037 is bound to the ADB server, and the ADB server is connected to the Android device over USB. The apparatus 400 can control the ADB tool and port 5037 on the computer.

This embodiment is described taking as an example a mobile terminal that is an Android device (such as an Android phone or another terminal that supports the Android system).

The determiner 412 is adapted to determine, when it is detected that a process on the computer establishes a connection with the mobile terminal (Android device) through the ADB tool, whether the process is a gray process; and, if the process is determined to be a gray process, to determine, when it is learned that the application related to the gray process is about to install an Android application on the Android device through the ADB tool, whether to allow the application related to the gray process to install the Android application on the Android device. Specifically, when the determiner 412 detects that the gray process sends the install instruction of an Android application to the predetermined port, it learns that the application related to the gray process is about to install an Android application on the Android device through the ADB tool. When it detects that the gray process sends an Android installation package (APK file) to the predetermined port, it obtains the APK file and scans it. When the scan result indicates that the APK file is safe, it judges that the application related to the gray process is allowed to install the Android application on the Android device; otherwise, it judges that the application related to the gray process is not allowed to install the Android application on the Android device.

When scanning the APK file, the determiner 412 performs the following operations: it extracts various items of information from the APK file, including but not limited to the installation package name, the version number, the digital signature, the features of the Android receiver components, the features of the Android service components, the features of the Android activity components, the instructions (or strings) in the executable files and/or the MD5 value (which may also be the SHA1 value) of each file in the APK directory; it then sends the extracted information to the server side, which is provided with a security identification library, so that the server side scans the information of the APK file using the feature information in the security identification library; and it receives the scan result for the APK file returned by the server side, thereby learning the scan result. On the server side, the information of the APK file reported by the determiner is compared with the feature information of malicious software in the security identification library; as soon as one item of information hits, the APK file is not a safe file. Preferably, the security identification library may be a cloud-based scanning engine.

Gray processes are all processes outside the preset whitelist and blacklist. This embodiment also uses the preset whitelist and blacklist to identify white processes and black processes. Specifically, the determiner 412 is further adapted to determine, when it is detected that a process on the computer establishes a connection with the Android device through the ADB tool, that the type of the process is a white process on the whitelist, in which case the interceptor 414 is further adapted to allow all operations that the application related to the white process performs on the Android device.

Likewise, the determiner 412 is further adapted to determine, when it is detected that a process on the computer establishes a connection with the Android device through the ADB tool, that the type of the process is a black process on the blacklist, in which case the interceptor 414 is further adapted to intercept the application related to the black process immediately and to prohibit it from performing any operation on the Android device.

Further, besides the packets exchanged with the Android device, the packets transmitted through port 5037 also include other types of packets. To avoid intercepting other, normal programs and to keep them running normally, in this embodiment the determiner 412 is further adapted to determine, before determining whether the process is a gray process, whether the process is a process that supports the ADB protocol; if so, it goes on to determine whether the process is a gray process, and otherwise it allows the process to run. Specifically, the determiner 412 checks whether the format and data content of the packets that the process sends to the predetermined port conform to the ADB protocol. If they do, the process is a process that supports the ADB protocol; if they do not, it is not.

Further, in this embodiment, after the determiner 412 has judged under the above judgment logic whether to allow the process to install the Android application on the Android device, the final decision is made in combination with the user's choice. For example, the determiner 412 displays prompt information in a pop-up box of the user interface; the prompt information includes the icon, name and description of the application related to the gray process, an indication of whether it is an advertising program or a malicious program, and/or handling information. It receives the selection instruction that the user sends through the pop-up box. When the selection instruction indicates that the application related to the gray process is allowed, it judges that the application related to the gray process is allowed to install the Android application on the Android device; when the selection instruction indicates that the application related to the gray process is prohibited, it judges that the application related to the gray process is prohibited from installing the Android application on the Android device.

As for intercepting gray processes, when the application associated with a gray process is not allowed to install an Android application in the Android device, the interceptor 414 intercepts the operation by which that application installs the Android application in the Android device. For example, the interceptor 414 interrupts the connection between the gray process and the predetermined port and prohibits the APK file from the gray process from being sent to the Android device through the predetermined port. For the interception of white processes and black processes, see the related description above.
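The ADB protocol check and the gray-process gating described above, illustrated as an added example that is not code from the patent. It inspects the client-to-server bytes of one connection to port 5037 using ADB's host request framing (four ASCII hex length digits followed by a service string) and the legacy sync `SEND`/`DATA` packets; the process lists, the `Gate` class, the `scan_apk` callback and the rule that an install command passes only for an APK path already scanned as safe are assumptions.

```python
import re
import struct
from enum import Enum

ADB_PORT = 5037  # the predetermined port bound to the ADB tool


class Verdict(Enum):
    ALLOW = "allow"
    BLOCK = "block"


# Constructed lists; the page does not give their contents.
WHITELIST = {"adb.exe"}
BLACKLIST = {"bundled_installer.exe"}

# Service strings that ask the device to install a package.
INSTALL_RE = re.compile(r"^(?:shell|exec):(?:pm|cmd package) install\b(.*)$")


def frame(service: str) -> bytes:
    """Build a client request: 4 ASCII hex digits of length, then the service."""
    body = service.encode()
    return b"%04x" % len(body) + body


def sync_pkt(pid: bytes, body: bytes) -> bytes:
    """Build a sync packet: 4-byte id, little-endian u32 length, body."""
    return pid + struct.pack("<I", len(body)) + body


def parse_request(buf: bytes):
    """Return (service, rest) if buf starts with a well-formed request, else None."""
    if not re.fullmatch(rb"[0-9a-fA-F]{4}", buf[:4]):
        return None                       # format check: hex length prefix
    n = int(buf[:4], 16)
    body = buf[4:4 + n]
    if n == 0 or len(body) < n:
        return None                       # empty or truncated request
    try:
        service = body.decode("utf-8")
    except UnicodeDecodeError:
        return None
    # Content check: service names are printable text.
    return (service, buf[4 + n:]) if service.isprintable() else None


def parse_sync(buf: bytes):
    """Yield (id, body) for each sync packet in the client's byte stream."""
    off = 0
    while off + 8 <= len(buf):
        pid, n = struct.unpack_from("<4sI", buf, off)
        off += 8
        if pid == b"DONE":                # DONE carries an mtime, not a length
            yield pid, b""
            continue
        yield pid, buf[off:off + n]
        off += n


def inspect_connection(data: bytes):
    """Classify one connection: not_adb, install_cmd, apk_upload or other."""
    req = parse_request(data)
    if req is None:
        return "not_adb", None
    service, rest = req
    # host:transport* only selects a device; the real request follows it.
    while service.startswith("host:transport"):
        req = parse_request(rest)
        if req is None:
            return "other", None
        service, rest = req
    m = INSTALL_RE.match(service)
    if m:
        path = next((a for a in m.group(1).split() if a.endswith(".apk")), None)
        return "install_cmd", path
    if service == "sync:":
        path, apk = None, bytearray()
        for pid, body in parse_sync(rest):
            if pid == b"SEND":            # body is "<remote path>,<mode>"
                path = body.decode("utf-8", "replace").rsplit(",", 1)[0]
            elif pid == b"DATA":
                apk += body
        if path and path.endswith(".apk"):
            return "apk_upload", (path, bytes(apk))
    return "other", None


class Gate:
    """Per-host decision logic; scan_apk(bytes) -> bool stands in for the scan."""

    def __init__(self, scan_apk):
        self.scan_apk = scan_apk
        self.scanned = {}                 # (process, remote path) -> scanned safe?

    def decide(self, process: str, data: bytes) -> Verdict:
        kind, detail = inspect_connection(data)
        if kind == "not_adb":             # not an ADB process: let it run
            return Verdict.ALLOW
        name = process.lower()
        if name in WHITELIST:
            return Verdict.ALLOW
        if name in BLACKLIST:
            return Verdict.BLOCK
        if kind == "apk_upload":          # gray process sends an APK: scan it
            path, apk = detail
            self.scanned[(name, path)] = bool(self.scan_apk(apk))
            return Verdict.ALLOW if self.scanned[(name, path)] else Verdict.BLOCK
        if kind == "install_cmd":         # unscanned or unsafe path is refused
            return Verdict.ALLOW if self.scanned.get((name, detail)) else Verdict.BLOCK
        return Verdict.ALLOW
```

A driver-level implementation would feed `Gate.decide` from the connection hook and drop the connection on `Verdict.BLOCK`, which corresponds to the interceptor interrupting the gray process's connection to the predetermined port.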

For the specific working modes of the components in the apparatus embodiment of the present invention, refer to the method embodiment of the present invention; they are not repeated here.

As described above, by monitoring the predetermined port bound to the ADB tool, the embodiments of the present invention learn of all processes that establish connections with the ADB tool, pick out the gray processes among them, and determine whether the applications associated with those gray processes have permission to install Android applications in the mobile terminal. This solves the prior-art problem caused by third-party programs installing applications in mobile terminals at will, enables effective monitoring of third-party programs that use the ADB tool to interact with Android, and controls the permissions of third-party programs through process type and determination logic, thereby safeguarding the information in the mobile terminal and making it convenient for users.

The algorithms and displays presented herein are not inherently related to any particular computer, virtual system, or other device. Various general-purpose systems can also be used with the teachings herein. From the above description, the structure required to construct such a system is apparent. Furthermore, the present invention is not directed at any particular programming language. It should be understood that the content of the present invention described herein can be implemented in a variety of programming languages, and that the above description of a specific language is given to disclose the best mode of the present invention.

In the description provided herein, numerous specific details are set forth. However, it is understood that embodiments of the invention may be practiced without these specific details. In some instances, well-known methods, structures and techniques have not been shown in detail so as not to obscure the understanding of this description.

Similarly, it should be understood that, in order to streamline this disclosure and aid the understanding of one or more of the various inventive aspects, in the above description of exemplary embodiments of the invention the features of the invention are sometimes grouped together into a single embodiment, figure, or description thereof. This method of disclosure, however, is not to be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, as the following claims reflect, inventive aspects lie in fewer than all features of a single previously disclosed embodiment. Thus, the claims following the Detailed Description are hereby expressly incorporated into this Detailed Description, with each claim standing on its own as a separate embodiment of the invention.

Those skilled in the art will understand that the modules in the device of an embodiment can be adaptively changed and arranged in one or more devices different from that embodiment. The modules or units or components of the embodiments may be combined into one module or unit or component, and may furthermore be divided into a plurality of sub-modules or sub-units or sub-components. Except where at least some of such features and/or processes or units are mutually exclusive, all features disclosed in this specification (including the accompanying claims, abstract and drawings), and all processes or units of any method or device so disclosed, may be combined in any combination. Unless expressly stated otherwise, each feature disclosed in this specification (including the accompanying claims, abstract and drawings) may be replaced by an alternative feature serving the same, an equivalent or a similar purpose.

Furthermore, those skilled in the art will understand that although some embodiments described herein include certain features that are included in other embodiments and not others, combinations of features of different embodiments are meant to be within the scope of the invention and to form different embodiments. For example, in the following claims, any of the claimed embodiments may be used in any combination.

The various component embodiments of the present invention may be implemented in hardware, in software modules running on one or more processors, or in a combination thereof. Those skilled in the art should understand that a microprocessor or a digital signal processor (DSP) may be used in practice to implement some or all of the functions of some or all of the components of the apparatus for intercepting the installation of an Android application in a mobile terminal according to embodiments of the present invention. The present invention may also be implemented as a device or apparatus program (for example, a computer program and a computer program product) for performing part or all of the methods described herein. Such a program implementing the present invention may be stored on a computer-readable medium, or may take the form of one or more signals. Such a signal may be downloaded from an Internet site, provided on a carrier signal, or provided in any other form.

It should be noted that the above embodiments illustrate rather than limit the invention, and that those skilled in the art can design alternative embodiments without departing from the scope of the appended claims. In the claims, any reference sign placed between parentheses shall not be construed as limiting the claim. The word "comprising" does not exclude the presence of elements or steps not listed in a claim. The word "a" or "an" preceding an element does not exclude the presence of a plurality of such elements. The invention can be implemented by means of hardware comprising several distinct elements, and by means of a suitably programmed computer. In a unit claim enumerating several means, several of these means can be embodied by one and the same item of hardware. The use of the words first, second, third, and so on does not indicate any order. These words can be interpreted as names.

Embodiments of the present invention disclose the following.

A1. A method for intercepting the installation of an Android application in a mobile terminal, comprising: monitoring, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool; when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, determining whether the process is a gray process; if the process is determined to be a gray process, then, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, determining whether to allow the application associated with the gray process to install the Android application in the mobile terminal; and, when the application associated with the gray process is not allowed to install the Android application in the mobile terminal, intercepting the operation by which the application associated with the gray process installs the Android application in the mobile terminal.

A2. The method according to claim A1, wherein the method further comprises: when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, if the type of the process is determined to be a white process on the whitelist, allowing all operations that the application associated with the white process performs on the mobile terminal; and if the type of the process is determined to be a black process on the blacklist, immediately intercepting the application associated with the black process, prohibiting the application associated with the black process from performing any operation on the mobile terminal, and displaying, in a pop-up box on the user interface, information that the application associated with the black process was successfully intercepted.

A3. The method according to claim A1 or A2, wherein, before determining whether the process is a gray process, the method further comprises: determining whether the process is a process supporting the ADB protocol; if so, continuing with the operation of determining whether the process is a gray process; otherwise, allowing the process to run.

A4. The method according to claim A3, wherein determining whether the process is a process supporting the ADB protocol comprises: determining whether the format and data content of the data packets sent by the process to the predetermined port conform to the ADB protocol; if they do, the process is a process supporting the ADB protocol; if they do not, the process is not a process supporting the ADB protocol.

A5. The method according to claim A3, wherein, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, determining whether to allow the application associated with the gray process to install the Android application in the mobile terminal comprises: when it is detected that the gray process sends an installation instruction for an Android application to the predetermined port, learning that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool; and when it is detected that the gray process sends an Android installation package (APK) file to the predetermined port, obtaining the APK file and scanning it; when the scan result indicates that the APK file is safe, determining that the application associated with the gray process is allowed to install the Android application in the mobile terminal; otherwise, determining that the application associated with the gray process is not allowed to install the Android application in the mobile terminal.

A6. The method according to claim A5, wherein scanning the APK file comprises: extracting the APK file's installation package name, version number, digital signature, features of the Android component receiver, features of the Android component service, features of the Android component activity, instructions in the executable file, and/or the Message-Digest Algorithm 5 (MD5) value of each file in the APK directory; sending the extracted information to a server side provided with a security identification library, so that the server side scans the information of the APK file using the feature information in the security identification library; and receiving the scan result for the APK file delivered by the server side.

A7. The method according to claim A1, wherein, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, determining whether to allow the application associated with the gray process to install the Android application in the mobile terminal comprises: displaying prompt information in a pop-up box on the user interface, the prompt information including the icon, name and application description of the application associated with the gray process, indication information on whether it is an advertising program or a malicious program, and/or handling-method information; receiving a selection instruction sent by the user through the pop-up box; when the selection instruction indicates that the application associated with the gray process is allowed, determining that the application is allowed to install the Android application in the mobile terminal; and when the selection instruction indicates that the application associated with the gray process is prohibited, determining that the application is prohibited from installing the Android application in the mobile terminal.

A8. The method according to claim A1, wherein intercepting the operation by which the application associated with the gray process installs the Android application in the mobile terminal comprises: interrupting the connection between the gray process and the predetermined port, and prohibiting the APK file from the gray process from being sent to the mobile terminal through the predetermined port.

A9. An apparatus for intercepting the installation of an Android application in a mobile terminal, comprising: a port monitor, adapted to monitor, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool; a determiner, adapted to determine, when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, whether the process is a gray process, and, if the process is determined to be a gray process, to determine, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, whether to allow the application associated with the gray process to install the Android application in the mobile terminal; and an interceptor, adapted to intercept, when the application associated with the gray process is not allowed to install the Android application in the mobile terminal, the operation by which the application associated with the gray process installs the Android application in the mobile terminal.

A10. The apparatus according to claim A9, wherein, when the determiner, on detecting that a process in the computer establishes a connection with the mobile terminal through the ADB tool, determines that the type of the process is a white process on the whitelist, the interceptor is further adapted to allow all operations that the application associated with the white process performs on the mobile terminal; and, when the determiner, on detecting that a process in the computer establishes a connection with the mobile terminal through the ADB tool, determines that the type of the process is a black process on the blacklist, the interceptor is further adapted to intercept the application associated with the black process, prohibit the application associated with the black process from performing any operation on the mobile terminal, and display, in a pop-up box on the user interface, information that the application associated with the black process was successfully intercepted.

A11. The apparatus according to claim A9 or A10, wherein the determiner is further adapted to determine, before determining whether the process is a gray process, whether the process is a process supporting the ADB protocol; if so, to continue with the operation of determining whether the process is a gray process; otherwise, to allow the process to run.

A12. The apparatus according to claim A11, wherein the determiner is adapted to determine whether the format and data content of the data packets sent by the process to the predetermined port conform to the ADB protocol; if they do, the process is a process supporting the ADB protocol; if they do not, the process is not a process supporting the ADB protocol.

A13. The apparatus according to claim A11, wherein the determiner is adapted to learn, when it is detected that the gray process sends an installation instruction for an Android application to the predetermined port, that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool; and, when it is detected that the gray process sends an Android installation package (APK) file to the predetermined port, to obtain the APK file and scan it; when the scan result indicates that the APK file is safe, to determine that the application associated with the gray process is allowed to install the Android application in the mobile terminal; otherwise, to determine that the application associated with the gray process is not allowed to install the Android application in the mobile terminal.

A14. The apparatus according to claim A9, wherein the determiner is adapted to obtain the scan result as follows: extracting the APK file's installation package name, version number, digital signature, features of the Android component receiver, features of the Android component service, features of the Android component activity, instructions in the executable file, and/or the MD5 value of each file in the APK directory; sending the extracted information to a server side provided with a security identification library, so that the server side scans the information of the APK file using the feature information in the security identification library; and receiving the scan result for the APK file delivered by the server side.

A15. The apparatus according to claim A9, wherein the determiner is adapted to display prompt information in a pop-up box on the user interface, the prompt information including the icon, name and application description of the application associated with the gray process, indication information on whether it is an advertising program or a malicious program, and/or handling-method information; to receive a selection instruction sent by the user through the pop-up box; when the selection instruction indicates that the application associated with the gray process is allowed, to determine that the application is allowed to install the Android application in the mobile terminal; and when the selection instruction indicates that the application associated with the gray process is prohibited, to determine that the application is prohibited from installing the Android application in the mobile terminal.

A16. The apparatus according to claim A9, wherein the interceptor is adapted to interrupt the connection between the gray process and the predetermined port and to prohibit the APK file from the gray process from being sent to the mobile terminal through the predetermined port.

Claims (14)

1. A method for intercepting the installation of an Android application in a mobile terminal, comprising:
monitoring, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool;
when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, determining whether the process is a gray process;
if the process is determined to be a gray process, then, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, determining whether to allow the application associated with the gray process to install the Android application in the mobile terminal, including: when it is detected that the gray process sends an installation instruction for an Android application to the predetermined port, learning that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool; and when it is detected that the gray process sends an Android installation package (APK) file to the predetermined port, obtaining the APK file and scanning it; when the scan result indicates that the APK file is safe, determining that the application associated with the gray process is allowed to install the Android application in the mobile terminal; otherwise, determining that the application associated with the gray process is not allowed to install the Android application in the mobile terminal;
when the application associated with the gray process is not allowed to install the Android application in the mobile terminal, intercepting the operation by which the application associated with the gray process installs the Android application in the mobile terminal.

2. The method according to claim 1, wherein the method further comprises:
when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, if the type of the process is determined to be a white process on the whitelist, allowing all operations that the application associated with the white process performs on the mobile terminal;
if the type of the process is determined to be a black process on the blacklist, immediately intercepting the application associated with the black process, prohibiting the application associated with the black process from performing any operation on the mobile terminal, and displaying, in a pop-up box on the user interface, information that the application associated with the black process was successfully intercepted.

3. The method according to claim 1 or 2, wherein, before determining whether the process is a gray process, the method further comprises:
determining whether the process is a process supporting the ADB protocol; if so, continuing with the operation of determining whether the process is a gray process; otherwise, allowing the process to run.

4. The method according to claim 3, wherein determining whether the process is a process supporting the ADB protocol comprises:
determining whether the format and data content of the data packets sent by the process to the predetermined port conform to the ADB protocol; if they do, the process is a process supporting the ADB protocol; if they do not, the process is not a process supporting the ADB protocol.

5. The method according to claim 1, wherein scanning the APK file comprises:
extracting the APK file's installation package name, version number, digital signature, features of the Android component receiver, features of the Android component service, features of the Android component activity, instructions in the executable file, and/or the Message-Digest Algorithm 5 (MD5) value of each file in the APK directory;
sending the extracted information to a server side provided with a security identification library, so that the server side scans the information of the APK file using the feature information in the security identification library;
receiving the scan result for the APK file delivered by the server side.

6. The method according to claim 1, wherein, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, determining whether to allow the application associated with the gray process to install the Android application in the mobile terminal comprises:
displaying prompt information in a pop-up box on the user interface, the prompt information including the icon, name and application description of the application associated with the gray process, indication information on whether it is an advertising program or a malicious program, and/or handling-method information;
receiving a selection instruction sent by the user through the pop-up box;
when the selection instruction indicates that the application associated with the gray process is allowed, determining that the application is allowed to install the Android application in the mobile terminal; when the selection instruction indicates that the application associated with the gray process is prohibited, determining that the application is prohibited from installing the Android application in the mobile terminal.

7. The method according to claim 1, wherein intercepting the operation by which the application associated with the gray process installs the Android application in the mobile terminal comprises:
interrupting the connection between the gray process and the predetermined port, and prohibiting the APK file from the gray process from being sent to the mobile terminal through the predetermined port.

8. An apparatus for intercepting the installation of an Android application in a mobile terminal, comprising:
a port monitor, adapted to monitor, at the network driver layer, a predetermined port in a computer that is bound to the Android Debug Bridge (ADB) tool;
a determiner, adapted to determine, when it is detected that a process in the computer establishes a connection with the mobile terminal through the ADB tool, whether the process is a gray process; and, if the process is determined to be a gray process, to determine, when it is learned that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool, whether to allow the application associated with the gray process to install the Android application in the mobile terminal; specifically, adapted to learn, when it is detected that the gray process sends an installation instruction for an Android application to the predetermined port, that the application associated with the gray process is to install an Android application on the mobile terminal through the ADB tool; and, when it is detected that the gray process sends an Android installation package (APK) file to the predetermined port, to obtain the APK file and scan it; when the scan result indicates that the APK file is safe, to determine that the application associated with the gray process is allowed to install the Android application in the mobile terminal; otherwise, to determine that the application associated with the gray process is not allowed to install the Android application in the mobile terminal;
an interceptor, adapted to intercept, when the application associated with the gray process is not allowed to install the Android application in the mobile terminal, the operation by which the application associated with the gray process installs the Android application in the mobile terminal.

9. The apparatus according to claim 8, wherein,
when the determiner, on detecting that a process in the computer establishes a connection with the mobile terminal through the ADB tool, determines that the type of the process is a white process on the whitelist, the interceptor is further adapted to allow all operations that the application associated with the white process performs on the mobile terminal; and
when the determiner, on detecting that a process in the computer establishes a connection with the mobile terminal through the ADB tool, determines that the type of the process is a black process on the blacklist, the interceptor is further adapted to intercept the application associated with the black process, prohibit the application associated with the black process from performing any operation on the mobile terminal, and display, in a pop-up box on the user interface, information that the application associated with the black process was successfully intercepted.

10. The apparatus according to claim 8 or 9, wherein,
the determiner is further adapted to determine, before determining whether the process is a gray process, whether the process is a process supporting the ADB protocol; if so, to continue with the operation of determining whether the process is a gray process; otherwise, to allow the process to run.

11. The apparatus according to claim 10, wherein,
the determiner is adapted to determine whether the format and data content of the data packets sent by the process to the predetermined port conform to the ADB protocol; if they do, the process is a process supporting the ADB protocol; if they do not, the process is not a process supporting the ADB protocol.

12. The apparatus according to claim 8, wherein,
the determiner is adapted to obtain the scan result as follows: extracting the APK file's installation package name, version number, digital signature, features of the Android component receiver, features of the Android component service, features of the Android component activity, instructions in the executable file, and/or the MD5 value of each file in the APK directory; sending the extracted information to a server side provided with a security identification library, so that the server side scans the information of the APK file using the feature information in the security identification library; and receiving the scan result for the APK file delivered by the server side.

13. 
The apparatus of claim 8, wherein, 所述判断器适于在用户界面弹出框中展示提示信息,所述提示信息包括所述灰进程相关的应用程序的图标、名称、应用描述、是否广告程序或者恶意程序的指示信息和/或处理方式信息;接收用户通过所述用户界面弹出框发送的选择指令;当所述选择指令指示允许所述灰进程相关的应用程序时,判断允许该灰进程相关的应用程序向移动终端中安装安卓应用程序,当所述选择指令指示禁止所述灰进程相关的应用程序时,判断禁止该灰进程相关的应用程序向移动终端中安装安卓应用程序。The determiner is adapted to display prompt information in a pop-up box on the user interface, the prompt information includes the icon, name, application description, indication information and/or processing of the application program related to the gray process, whether it is an advertising program or a malicious program Mode information; receiving a selection instruction sent by the user through the pop-up box of the user interface; when the selection instruction indicates that the application program related to the gray process is allowed, it is judged that the application program related to the gray process is allowed to install the Android application in the mobile terminal When the selection instruction indicates that the application program related to the gray process is prohibited, it is judged that the application program related to the gray process is prohibited from installing the Android application program in the mobile terminal. 14.根据权利要求8所述的装置,其中,所述拦截器,适于当不允许所述灰进程相关的应用程序向移动终端中安装安卓应用程序时,中断所述灰进程与所述预定端口的连接,禁止通过所述预定端口将来自所述灰进程的APK文件发送至移动终端。14. The device according to claim 8, wherein the interceptor is adapted to interrupt the connection between the gray process and the predetermined process when the application program related to the gray process is not allowed to install the Android application in the mobile terminal. The connection of the port prohibits sending the APK file from the gray process to the mobile terminal through the predetermined port.
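As an added illustration (not code from the patent or its assignee), the sketch below shows one way the judger's checks in claims 8 to 11 could be expressed: test whether the bytes a process sends to the ADB port follow the adb client-to-server request framing, look for an install instruction, and apply the white/black/gray decision. The function names, the install-matching pattern, the `apk_is_safe` scan verdict, the order of the checks and the sample traffic are assumptions constructed for this example.

```python
import re

# adb client -> adb server framing: 4 ASCII hex digits (payload length), then payload.
HEX4 = re.compile(rb"[0-9a-fA-F]{4}")
HOST_PREFIXES = ("host:", "host-serial:", "host-usb:", "host-local:")
DEVICE_PREFIXES = ("shell:", "shell,", "exec:", "sync:")
# Heuristic for an install instruction, constructed for this example.
INSTALL_RE = re.compile(r"^(shell[^:]*|exec):\s*(pm|cmd package)\s+install\b")


def frame(service: str) -> bytes:
    """Build one framed request (used here only to construct sample input)."""
    data = service.encode()
    return b"%04x" % len(data) + data


def parse_requests(stream: bytes):
    """Return (services, conforms) for the bytes a process sent to the port."""
    services, pos = [], 0
    while pos < len(stream):
        head = stream[pos:pos + 4]
        if not HEX4.fullmatch(head):
            return services, False      # length field is not four hex digits
        length = int(head, 16)
        payload = stream[pos + 4:pos + 4 + length]
        if len(payload) != length:
            return services, False      # frame shorter than its declared length
        text = payload.decode("utf-8", errors="replace")
        if text.startswith(DEVICE_PREFIXES):
            services.append(text)
            return services, True       # what follows is service data, not frames
        if not text.startswith(HOST_PREFIXES):
            return services, False      # content is not a known service name
        services.append(text)
        pos += 4 + length
    return services, bool(services)


def is_install(service: str) -> bool:
    """Match an install instruction, ignoring shell quoting of the arguments."""
    return bool(INSTALL_RE.match(service.replace("'", "").replace('"', "")))


def decide(process_class: str, stream: bytes, apk_is_safe: bool) -> str:
    """process_class is 'white', 'black' or 'gray'; returns 'allow' or 'block'."""
    if process_class == "white":
        return "allow"                  # whitelisted: every operation allowed
    if process_class == "black":
        return "block"                  # blacklisted: every operation blocked
    services, conforms = parse_requests(stream)
    if not conforms:
        return "allow"                  # not speaking ADB: left to run
    if any(is_install(s) for s in services):
        return "allow" if apk_is_safe else "block"
    return "allow"


# Constructed sample traffic (not captured from a real host).
SAMPLE_INSTALL = frame("host:transport:EXAMPLE-SERIAL") + frame(
    "shell:pm install /data/local/tmp/example.apk")
SAMPLE_NOT_ADB = b"GET / HTTP/1.1\r\n\r\n"

if __name__ == "__main__":
    for cls in ("white", "black", "gray"):
        print(cls, decide(cls, SAMPLE_INSTALL, apk_is_safe=False))
    print("gray, non-ADB:", decide("gray", SAMPLE_NOT_ADB, apk_is_safe=False))
```

A production monitor would reassemble frames across TCP segments instead of treating a short frame as non-conforming.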
CN201310226610.9A 2013-06-07 2013-06-07 Intercept the method and apparatus installing Android application program in the terminal Active CN103279706B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310226610.9A CN103279706B (en) 2013-06-07 2013-06-07 Intercept the method and apparatus installing Android application program in the terminal

Publications (2)

Publication Number Publication Date
CN103279706A CN103279706A (en) 2013-09-04
CN103279706B true CN103279706B (en) 2016-06-22

Family

ID=49062221

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310226610.9A Active CN103279706B (en) 2013-06-07 2013-06-07 Intercept the method and apparatus installing Android application program in the terminal

Country Status (1)

Country Link
CN (1) CN103279706B (en)

Families Citing this family (31)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103744686B (en) * 2013-10-18 2017-03-08 聚好看科技股份有限公司 Control method and the system of installation is applied in intelligent terminal
CN103593212A (en) * 2013-11-01 2014-02-19 小米科技有限责任公司 Method and device for installing application and apparatus
CN103617387B (en) * 2013-11-25 2016-12-14 北京奇虎科技有限公司 A kind of method and device preventing automatic set up applications
CN104683996B (en) * 2013-11-29 2018-07-24 中国移动通信集团公司 A kind of mobile application security management-control method and equipment
CN103646215A (en) * 2013-12-23 2014-03-19 北京奇虎科技有限公司 Application installation control method, related system and related device
CN104750458A (en) * 2013-12-26 2015-07-01 三亚中兴软件有限责任公司 Control method, control device, monitoring processing method and monitoring processing device for terminal application
CN103914423B (en) * 2014-03-14 2018-07-03 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN105204884A (en) * 2014-06-27 2015-12-30 联想(北京)有限公司 Information processing method and electronic equipment
CN104239106B (en) * 2014-09-22 2018-08-07 联想(北京)有限公司 A kind of information processing method and electronic equipment
CN104375831B (en) * 2014-11-06 2018-04-20 北京奇虎科技有限公司 Realize the methods, devices and systems of the webpage and inter-application communication on terminal device
CN104462952B (en) * 2014-12-31 2017-11-10 北京奇虎科技有限公司 A kind of method and device forbidden using self-starting
CN105005494A (en) * 2015-08-28 2015-10-28 广东欧珀移动通信有限公司 A method and system for preventing silent installation of applications
CN105678161A (en) * 2015-12-23 2016-06-15 北京奇虎科技有限公司 Installation monitoring method and apparatus of applications
CN106919413A (en) * 2015-12-25 2017-07-04 北京奇虎科技有限公司 A kind of method and apparatus that application APP is called by webpage
CN107026764B (en) * 2016-02-02 2020-01-14 腾讯科技(深圳)有限公司 Remote debugging method, device, server and system
CN105975320B (en) * 2016-05-26 2020-03-17 宇龙计算机通信科技(深圳)有限公司 Method and device for forbidding installation of third-party application and terminal
CN106055357A (en) * 2016-05-26 2016-10-26 北京小米移动软件有限公司 Application installation method and device
CN106022106A (en) * 2016-05-30 2016-10-12 努比亚技术有限公司 Application installation method and device and terminal
CN107798240B (en) * 2016-09-07 2019-10-18 武汉安天信息技术有限责任公司 A kind of method and device operating mobile device for monitoring the end PC
CN106534342B (en) * 2016-12-07 2019-09-17 腾讯科技(深圳)有限公司 Connect control method, host and system
CN106648783A (en) * 2016-12-27 2017-05-10 北京奇虎科技有限公司 Method and device for installing application program and mobile terminal
CN108280343B (en) * 2017-01-06 2021-04-09 阿里巴巴(中国)有限公司 Method, device and system for detecting application security in android environment
CN107678912B (en) * 2017-09-12 2020-09-22 上海展扬通信技术有限公司 Application program monitoring method and monitoring system based on intelligent terminal
CN107592665A (en) * 2017-10-27 2018-01-16 维沃移动通信有限公司 A kind of control method of application program, device and mobile terminal
CN110022340B (en) * 2018-01-10 2021-05-25 腾讯科技(深圳)有限公司 Application installation method and device and terminal
CN108255677A (en) * 2018-01-16 2018-07-06 中电福富信息科技有限公司 The vehicle-mounted vehicle device of car networking and Android device communication means and its device
CN108537040B (en) * 2018-04-12 2023-03-14 腾讯科技(深圳)有限公司 Method, device, terminal and storage medium for intercepting telecom fraud Trojan horse program
CN110969815A (en) * 2018-09-28 2020-04-07 北京国双科技有限公司 Alarm method and device based on android device
CN109992430B (en) * 2019-02-28 2021-07-20 维沃移动通信有限公司 Data transmission method, first terminal and second terminal
CN110737887B (en) * 2019-10-22 2021-11-30 厦门美图之家科技有限公司 Malicious code detection method and device, electronic equipment and storage medium
CN114491506A (en) * 2020-11-13 2022-05-13 奇安信科技集团股份有限公司 Behavior control method and device, electronic equipment and storage medium

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102063588A (en) * 2010-12-15 2011-05-18 北京北信源软件股份有限公司 Control method and system for safety protection of computer terminal network
CN102254113A (en) * 2011-06-27 2011-11-23 深圳市安之天信息技术有限公司 Method and system for detecting and intercepting malicious code of mobile terminal
CN102663285A (en) * 2012-03-21 2012-09-12 奇智软件(北京)有限公司 Extracting method and extracting device for APK (android package) virus characteristic code
CN102779257A (en) * 2012-06-28 2012-11-14 奇智软件(北京)有限公司 Security detection method and system of Android application program

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20130067577A1 (en) * 2011-09-14 2013-03-14 F-Secure Corporation Malware scanning

Also Published As

Publication number Publication date
CN103279706A (en) 2013-09-04

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
TR01 Transfer of patent right

Effective date of registration: 20220725

Address after: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin

Patentee after: 3600 Technology Group Co.,Ltd.

Address before: 100088 room 112, block D, 28 new street, new street, Xicheng District, Beijing (Desheng Park)

Patentee before: BEIJING QIHOO TECHNOLOGY Co.,Ltd.

Patentee before: Qizhi software (Beijing) Co.,Ltd.

TR01 Transfer of patent right

Effective date of registration: 20230713

Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: Beijing Hongxiang Technical Service Co.,Ltd.

Address before: 300450 No. 9-3-401, No. 39, Gaoxin 6th Road, Binhai Science Park, Binhai New Area, Tianjin

Patentee before: 3600 Technology Group Co.,Ltd.

CP03 Change of name, title or address

Address after: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee after: Beijing 360 Zhiling Technology Co.,Ltd.

Country or region after: China

Address before: 1765, floor 17, floor 15, building 3, No. 10 Jiuxianqiao Road, Chaoyang District, Beijing 100015

Patentee before: Beijing Hongxiang Technical Service Co.,Ltd.

Country or region before: China