
CN115146264B - Application program processing method and device - Google Patents

Info

Publication number: CN115146264B
Authority: CN (China)
Prior art keywords: sdk, file, android application, hash value, package
Legal status: Active
Application number: CN202110347307.9A
Other languages: Chinese (zh)
Other versions: CN115146264A (en)
Inventors: 王俊, 向钢, 袁淑美, 伍杰
Current Assignee: China Telecom Corp Ltd
Original Assignee: China Telecom Corp Ltd
Application filed by China Telecom Corp Ltd
Priority to CN202110347307.9A
Publication of CN115146264A
Application granted
Publication of CN115146264B

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/562 Static detection
    • G06F21/563 Static detection by source code analysis
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50 Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55 Detecting local intrusion or implementing counter-measures
    • G06F21/56 Computer malware detection or handling, e.g. anti-virus arrangements
    • G06F21/566 Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F8/00 Arrangements for software engineering
    • G06F8/40 Transformation of program code
    • G06F8/53 Decompilation; Disassembly
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/03 Indexing scheme relating to G06F21/50, monitoring users, programs or devices to maintain the integrity of platforms
    • G06F2221/033 Test or assess software

Landscapes

  • Engineering & Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Computer Hardware Design (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Health & Medical Sciences (AREA)
  • General Health & Medical Sciences (AREA)
  • Virology (AREA)
  • Stored Programmes (AREA)

Abstract

The disclosure provides an application program processing method and device, relating to the technical field of software development. The method comprises: decompiling the android application package to obtain a lib folder, a build.gradle file and a class file; traversing the lib folder to obtain a first SDK file under the lib folder, wherein the first SDK file comprises a jar file and a so file; identifying the content in the dependencies item of the build.gradle file to obtain a second SDK file; traversing the class file to obtain a third SDK file that the android application package may call; obtaining a fourth SDK file that is actually called while the android application package runs in a real machine sandbox; and determining an SDK set of the android application package, wherein the SDK set comprises the first SDK file and an SDK subset, and the SDK subset comprises at least one of the second SDK file, the third SDK file and the fourth SDK file.

Description

Application processing method and device
Technical Field
The disclosure relates to the technical field of software development, in particular to a processing method and a processing device of an application program.
Background
A Software Development Kit (SDK) is a kit developed by service companies, such as advertising, payment, social, push-platform and map service providers, to make it easier for application developers to use the services they provide. SDKs include advertising, payment, statistics, social, push, map, and other categories.
SDKs are widely used, so once a security problem occurs, its impact is wide-ranging.
Disclosure of Invention
The inventors have noted that some malicious SDKs may themselves present security threats. For example, beyond acquiring user privacy information, such as collecting user device IDs and acquiring user location information, SDKs can have serious security problems. For example, some SDKs have a function of actively receiving server instructions, and can collect sensitive information such as short messages, call records and contacts on demand. Some SDKs may also perform dangerous operations such as dynamically downloading code.
In addition, the SDK itself may have vulnerabilities. If these vulnerabilities are exploited, an attacker can use the SDK to launch malicious attacks, for example turning on a camera to take a picture without the user's awareness, stealing a two-factor authentication token by sending a short message, or turning the user's device into part of a botnet.
In view of the above, it is necessary to extract the SDK and detect the security of the SDK. However, the inventors found that with upgrades of android versions, the extracted SDKs became inaccurate.
In order to solve the above-described problems, the embodiments of the present disclosure propose the following solutions.
According to an aspect of the embodiments of the present disclosure, there is provided a method for processing an application program, including: decompiling the android application package to obtain a lib folder, a build.gradle file and a class file; traversing the lib folder to obtain a first SDK file under the lib folder, wherein the first SDK file comprises a jar file and a so file; identifying the content in the dependencies item of the build.gradle file to obtain a second SDK file; traversing the class file to obtain a third SDK file that the android application package may call; obtaining a fourth SDK file that is actually called while the android application package runs in a real machine sandbox; and determining an SDK set of the android application package, wherein the SDK set comprises the first SDK file and an SDK subset, and the SDK subset comprises at least one of the second SDK file, the third SDK file and the fourth SDK file.
In some embodiments, the subset of SDKs includes at least one of the second SDK file and the third SDK file, and the fourth SDK file.
In some embodiments, the subset of SDKs includes the second SDK file, the third SDK file, and the fourth SDK file.
In some embodiments, the method further comprises: performing security detection on the SDK set to obtain a security detection result; calculating a first hash value of the android application package; and correspondingly storing the security detection result and the first hash value of the android application program package into a database.
In some embodiments, the method further comprises: receiving a security detection request of a user for another android application program package; calculating a second hash value of the other android application package; acquiring the security detection result corresponding to the first hash value from the database under the condition that the second hash value is the same as the first hash value; and sending the security detection result corresponding to the first hash value to a user.
In some embodiments, the method further comprises: calculating a first hash value of the android application package; judging, according to the first hash value, whether the SDK set of the android application package exists in a database; performing the decompiling of the android application package in the case where the SDK set does not exist in the database; and, after determining the SDK set, correspondingly storing the SDK set and the first hash value in the database.
In some embodiments, the first hash value comprises a SHA1 value.
According to another aspect of the embodiments of the present disclosure, there is provided a processing apparatus for an application program, including: a decompilation module configured to decompile the android application package to obtain a lib folder, a build.gradle file and a class file; a first traversing module configured to traverse the lib folder to obtain a first SDK file under the lib folder, wherein the first SDK file comprises a jar file and a so file; an identification module configured to identify the content in the dependencies item of the build.gradle file so as to obtain a second SDK file; a second traversing module configured to traverse the class file to obtain a third SDK file that the android application package may call; a first acquisition module configured to acquire a fourth SDK file that is actually invoked while the android application package runs in the real machine sandbox; and a determining module configured to determine an SDK set of the android application package for security detection, the SDK set including the first SDK file and an SDK subset, the SDK subset including at least one of the second SDK file, the third SDK file, and the fourth SDK file.
In some embodiments, the apparatus further comprises: the detection module is configured to perform security detection on the SDK set to obtain a security detection result; a computing module configured to compute a first hash value of the android application package; and the storage module is configured to correspondingly store the security detection result and the first hash value of the android application program package into a database.
In some embodiments, the apparatus further comprises: the receiving module is configured to receive a security detection request of a user for another android application program package; the computing module is further configured to compute a second hash value of the other android application package; a second obtaining module configured to obtain, from the database, the security detection result corresponding to the first hash value, in a case where the second hash value and the first hash value are the same; and a transmitting module configured to transmit the security detection result corresponding to the first hash value to a user.
According to still another aspect of the embodiments of the present disclosure, there is provided a processing apparatus for an application program, including: a memory; and a processor coupled to the memory, the processor configured to perform the method of any of the embodiments described above based on instructions stored in the memory.
According to a further aspect of the disclosed embodiments, a computer readable storage medium is provided, comprising computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method according to any of the embodiments described above.
In the embodiments of the disclosure, the determined SDK set of the android application package includes not only the first SDK file obtained by traversing the lib folder, but also an SDK subset. The SDK subset comprises at least one of a second SDK file obtained by identifying the build.gradle file, a third SDK file obtained by traversing the class file, and a fourth SDK file actually invoked while the android application package runs in the real machine sandbox. In this way, the resulting SDK set of the android application package is more accurate.
The technical scheme of the present disclosure is described in further detail below through the accompanying drawings and examples.
Drawings
In order to more clearly illustrate the embodiments of the present disclosure or the technical solutions in the prior art, the drawings that are required in the embodiments or the description of the prior art will be briefly described below, and it is obvious that the drawings in the following description are only some embodiments of the present disclosure, and other drawings may be obtained according to these drawings without inventive effort to a person of ordinary skill in the art.
FIG. 1 is a flow diagram of a method of processing an application according to some embodiments of the present disclosure;
FIG. 2 is a flow diagram of a method of processing an application according to further embodiments of the present disclosure;
FIG. 3 is a schematic diagram of a processing device of an application according to some embodiments of the present disclosure;
FIG. 4 is a schematic diagram of a processing device of an application according to further embodiments of the present disclosure;
FIG. 5 is a schematic structural view of a processing device of an application according to further embodiments of the present disclosure.
Detailed Description
The following description of the technical solutions in the embodiments of the present disclosure will be made clearly and completely with reference to the accompanying drawings in the embodiments of the present disclosure, and it is apparent that the described embodiments are only some embodiments of the present disclosure, not all embodiments. All other embodiments, which can be made by one of ordinary skill in the art based on the embodiments in this disclosure without inventive faculty, are intended to fall within the scope of this disclosure.
The relative arrangement of the components and steps, numerical expressions and numerical values set forth in these embodiments do not limit the scope of the present disclosure unless it is specifically stated otherwise.
Meanwhile, it should be understood that the sizes of the respective parts shown in the drawings are not drawn in actual scale for convenience of description.
Techniques, methods, and apparatus known to one of ordinary skill in the relevant art may not be discussed in detail, but should be considered part of the specification where appropriate.
In all examples shown and discussed herein, any specific values should be construed as merely illustrative, and not a limitation. Thus, other examples of the exemplary embodiments may have different values.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further discussion thereof is necessary in subsequent figures.
Fig. 1 is a flow diagram of a method of processing an application according to some embodiments of the present disclosure.
At step 102, the android application package is decompiled to obtain a lib folder, a build.gradle file, and a class file.
For example, the android application package may be decompiled using a decompilation tool such as ApkTool.
In step 104, the lib folder is traversed to obtain a first SDK file under the lib folder.
Here, the first SDK file includes a jar file and a so file.
At step 106, content in the dependencies item (dependencies) of the build.gradle file is identified to obtain a second SDK file.
It should be appreciated that the second SDK file is a toolkit file that the android application package depends on.
At step 108, the class file is traversed to obtain a third SDK file that the android application package may call.
By traversing the class file, the imported-package content can be extracted using keywords (e.g., import) to obtain the SDK file that the android application package may call, i.e., the third SDK file.
In step 110, a fourth SDK file that is actually invoked during the running process of the android application package in the real machine sandbox is obtained.
For example, the clicking operation of the user can be simulated to run the android application package in the real machine sandbox, so that the SDK file actually called in the running process of the android application package, namely, the fourth SDK file can be captured.
At step 112, a set of SDKs for the android application package is determined.
Here, the SDK set includes a first SDK file and a SDK subset. The SDK subset includes at least one of a second SDK file, a third SDK file, and a fourth SDK file.
In the above embodiment, the determined SDK set of the android application package includes not only the first SDK file obtained by traversing the lib folder, but also the SDK subset. The SDK subset comprises at least one of a second SDK file obtained by identifying the build.gradle file, a third SDK file obtained by traversing the class file, and a fourth SDK file actually invoked while the android application package runs in the real machine sandbox. In this way, the resulting SDK set of the android application package is more accurate.
In some embodiments, the SDK subset includes the fourth SDK file and at least one of the second SDK file and the third SDK file. For example, the SDK subset includes both the second SDK file and the fourth SDK file; for another example, the SDK subset includes both the third SDK file and the fourth SDK file. Because the second SDK file and the third SDK file are obtained statically and the fourth SDK file is obtained dynamically, combining static and dynamic results further improves the accuracy of the SDK set obtained for the android application package.
In other embodiments, the SDK subset includes all three of the second SDK file, the third SDK file, and the fourth SDK file. Thus, the SDK set of the android application package is more accurate.
In some embodiments, before step 102, a first hash value of the android application package may be calculated, and then it is determined whether the SDK set of the android application package already exists in the database according to the first hash value. For example, a set of SDKs for different android application packages and a first hash value for the different android application packages are stored in a database. In some embodiments, the first hash value comprises a SHA1 value.
In the case where the SDK set of the android application package does not exist in the database, the step of decompiling the android application package in step 102 is performed. In the case where the SDK set of the android application package exists in the database, the SDK set of the android application package may be directly called from the database.
In addition, after step 112, i.e., after determining the SDK set of the android application package, the SDK set of the android application package and the first hash value may also be correspondingly stored in the database for subsequent recall by other users.
After the SDK set of the android application package is obtained, security detection can subsequently be performed on it; alternatively, in response to a user's acquisition request, the SDK set of the android application package may be sent to the user, who performs the security detection. Various embodiments are described below.
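The hash lookup and steps 104 to 112 described above, as an added Python example (not code from the patent); it takes the decompiled tree and the runtime-observed SDK names as inputs rather than running ApkTool or a sandbox. The function names, the regexes, the filtering of platform and app-own packages, the dict standing in for the database and all sample file contents are assumptions constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Assumed Gradle configuration names; values look like 'group:artifact:version'.
DEP_RE = re.compile(r"^\s*(?:implementation|api|compileOnly|runtimeOnly|compile)"
                    r"\s*\(?\s*['\"]([^'\"]+)['\"]", re.M)
IMPORT_RE = re.compile(r"^\s*import\s+(?:static\s+)?([\w.]+)\s*;", re.M)
PLATFORM = ("java.", "javax.", "android.")  # assumption: not third-party SDKs


def sha1_of(path):
    """First hash value of the package (the patent names SHA1)."""
    return hashlib.sha1(Path(path).read_bytes()).hexdigest()


def lib_sdks(root):
    """Step 104: jar and so files under lib/ (first SDK files)."""
    return {p.name for p in (Path(root) / "lib").rglob("*")
            if p.suffix in (".jar", ".so")}


def gradle_sdks(root):
    """Step 106: coordinates inside the dependencies block (second SDK files)."""
    text = (Path(root) / "build.gradle").read_text(encoding="utf-8")
    start = re.search(r"\bdependencies\s*\{", text)
    if not start:
        return set()
    depth, i = 1, start.end()
    while i < len(text) and depth:      # walk to the matching closing brace
        depth += {"{": 1, "}": -1}.get(text[i], 0)
        i += 1
    return set(DEP_RE.findall(text[start.end():i]))


def import_sdks(root, app_package):
    """Step 108: packages named by import statements (third SDK files)."""
    found = set()
    for src in Path(root).rglob("*.java"):
        code = src.read_text(encoding="utf-8", errors="replace")
        for name in IMPORT_RE.findall(code):
            if name.startswith(PLATFORM) or name.startswith(app_package + "."):
                continue                # platform API or the app's own code
            found.add(name.rsplit(".", 1)[0])
    return found


def sdk_set_for(apk, decompile, runtime_sdks, app_package, db):
    """Hash lookup, then steps 102-112; returns (sha1, record, cache_hit)."""
    digest = sha1_of(apk)
    if digest in db:                    # SDK set already stored for this hash
        return digest, db[digest], True
    root = decompile(apk)               # step 102, supplied by the caller
    record = {
        "lib": sorted(lib_sdks(root)),
        "gradle": sorted(gradle_sdks(root)),
        "import": sorted(import_sdks(root, app_package)),
        "runtime": sorted(set(runtime_sdks)),   # step 110 output, given as input
    }
    record["sdk_set"] = sorted({s for v in record.values() for s in v})
    db[digest] = record                 # stored for later requests
    return digest, record, False


def build_sample(tmp):
    """Constructed sample: placeholder APK bytes plus a decompiled tree."""
    apk, root = Path(tmp) / "sample.apk", Path(tmp) / "out"
    apk.write_bytes(b"constructed apk bytes")
    src, lib = root / "src" / "com" / "example" / "app", root / "lib" / "armeabi-v7a"
    for d in (src, lib):
        d.mkdir(parents=True)
    (lib / "libpush.so").write_bytes(b"\x7fELF")
    (root / "lib" / "analytics.jar").write_bytes(b"PK")
    (root / "build.gradle").write_text(
        "android { defaultConfig { minSdkVersion 21 } }\n"
        "dependencies {\n"
        "    implementation 'com.vendor.ads:ads-sdk:3.1.0'\n"
        "    api(\"com.vendor.map:map-sdk:1.4\")\n"
        "}\n", encoding="utf-8")
    (src / "Main.java").write_text(
        "package com.example.app;\nimport android.os.Bundle;\n"
        "import com.vendor.push.PushClient;\n"
        "import com.example.app.util.Log;\n", encoding="utf-8")
    return apk, root


def demo():
    """Constructed run: same package twice; the runtime list stands in for step 110."""
    db, calls = {}, []
    with tempfile.TemporaryDirectory() as tmp:
        apk, root = build_sample(tmp)
        args = (apk, lambda p: calls.append(p) or root,
                ["com.vendor.push", "com.vendor.tracker"], "com.example.app", db)
        return sdk_set_for(*args), sdk_set_for(*args), len(calls)


if __name__ == "__main__":
    print(demo())
```

In the sample, `com.vendor.tracker` appears only in the runtime list, which is the case the static steps alone would miss. SHA-1 is used because the patent names it; it is no longer collision-resistant, so a cache keyed on it can return another package's record for a crafted colliding file, which a hash such as SHA-256 avoids.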
Fig. 2 is a flow diagram of a method of processing an application according to further embodiments of the present disclosure.
In some embodiments, the processing method further includes steps 202-206 shown in FIG. 2, as compared to the embodiment shown in FIG. 1.
In step 202, security detection is performed on the SDK set to obtain a security detection result.
For example, the SDK set may be security detected based on preset security detection criteria.
At step 204, a first hash value of the android application package is calculated.
For example, a first hash value, such as a SHA1 value, of the android application package may be obtained by a preset hash algorithm.
In step 206, the security detection result of the SDK set and the first hash value of the android application package are correspondingly stored in the database.
In the above embodiment, since the determined SDK set is more accurate, the obtained security detection result is also more accurate.
In some embodiments, referring to FIG. 2, the processing method further includes steps 208-214.
At step 208, a security detection request is received for another android application package by a user.
At step 210, a second hash value of another android application package is calculated.
For example, the second hash value of the further android application package may be obtained using the same hash algorithm as the preset hash algorithm described above.
In step 212, if the second hash value is the same as the first hash value, a security detection result corresponding to the first hash value is obtained from the database.
In step 214, the security detection result corresponding to the first hash value is sent to the user.
In the above embodiment, the security detection result of the SDK set of the existing android application package in the database may be directly invoked and sent to the user. Particularly, in the case that a large number of users simultaneously request the security detection, the processing efficiency can be effectively improved by the mode of the embodiment, so that the security detection requirements of the users can be responded more quickly.
In some embodiments, the fourth SDK file may be acquired through an RCSN algorithm, so that the fourth SDK may be acquired more accurately.
For example, the relative proximity of each of the plurality of clusters that are actually invoked during the execution of the android application package in the real-machine sandbox may be determined by the following formula:
In the above formula, C_i and C_j represent the number of data points in clusters i and j, EC(C_i) represents the weight sum of edges in cluster i, EC(C_j) represents the weight sum of edges in cluster j, and EC(C_i, C_j) represents the weight sum of edges connecting the two clusters i and j.
In the case that the relative proximity of a cluster that is actually called is the same as the relative proximity of one of the plurality of SDK clusters stored in the database, that SDK cluster in the database is taken as the fourth SDK file.
In this specification, each embodiment is described in a progressive manner, and each embodiment is mainly described in a different manner from other embodiments, so that the same or similar parts between the embodiments are mutually referred to. For the device embodiments, since they basically correspond to the method embodiments, the description is relatively simple, and the relevant points are referred to in the description of the method embodiments.
Fig. 3 is a schematic structural diagram of a processing device of an application according to some embodiments of the present disclosure.
As shown in fig. 3, the processing apparatus includes a decompilation module 301, a first traversal module 302, an identification module 303, a second traversal module 304, a first acquisition module 305, and a determination module 306.
The decompilation module 301 is configured to decompile the android application package to obtain a lib folder, a build.gradle file, and a class file. The first traversal module 302 is configured to traverse the lib folder to obtain a first SDK file under the lib folder, the first SDK file including a jar file and a so file. The identification module 303 is configured to identify content in the dependencies item of the build.gradle file to obtain a second SDK file. The second traversal module 304 is configured to traverse the class file to obtain a third SDK file that the android application package may call. The first obtaining module 305 is configured to obtain a fourth SDK file that is actually invoked while the android application package runs in the real machine sandbox. The determination module 306 is configured to determine an SDK set of the android application package for security detection, the SDK set comprising a first SDK file and an SDK subset, the SDK subset comprising at least one of a second SDK file, a third SDK file, and a fourth SDK file.
Fig. 4 is a schematic structural view of a processing apparatus of an application program according to other embodiments of the present disclosure.
As shown in fig. 4, the processing device further includes a detection module 401, a calculation module 402, and a storage module 403.
The detection module 401 is configured to perform security detection on the SDK set to obtain a security detection result. The calculation module 402 is configured to calculate a first hash value of the android application package. The storage module 403 is configured to correspondingly store the security detection result and the first hash value of the android application package in the database.
In some embodiments, referring to fig. 4, the processing apparatus further includes a receiving module 404, a second acquiring module 405, and a transmitting module 406.
The receiving module 404 is configured to receive a security detection request from a user for another android application package. The calculation module 402 is further configured to calculate a second hash value of another android application package. The second obtaining module 405 is configured to obtain a security detection result corresponding to the first hash value from the database when the second hash value is the same as the first hash value. The sending module 406 is configured to send the security detection result corresponding to the first hash value to the user.
Fig. 5 is a schematic structural view of a processing device of an application according to further embodiments of the present disclosure.
As shown in fig. 5, the processing device 500 includes a memory 501 and a processor 502 coupled to the memory 501, the processor 502 being configured to perform the method of any of the foregoing embodiments based on instructions stored in the memory 501.
Memory 501 may include, for example, system memory, fixed nonvolatile storage media, and the like. The system memory may store, for example, an operating system, application programs, a boot loader, and other programs.
The processing device 500 may also include an input/output interface 503, a network interface 504, a storage interface 505, and the like. These interfaces 503, 504, 505 and the memory 501 and the processor 502 may be connected by a bus 506, for example. The input/output interface 503 provides a connection interface for input/output devices such as a display, mouse, keyboard, touch screen, etc. The network interface 504 provides a connection interface for various networking devices. The storage interface 505 provides a connection interface for external storage devices such as SD cards, USB flash drives, and the like.
The disclosed embodiments also provide a computer readable storage medium having stored thereon computer program instructions which, when executed by a processor, implement the method of any of the above embodiments.
Thus, various embodiments of the present disclosure have been described in detail. In order to avoid obscuring the concepts of the present disclosure, some details known in the art are not described. How to implement the solutions disclosed herein will be fully apparent to those skilled in the art from the above description.
It will be appreciated by those skilled in the art that embodiments of the present disclosure may be provided as a method, system, or computer program product. Accordingly, the present disclosure may take the form of an entirely hardware embodiment, an entirely software embodiment, or an embodiment combining software and hardware aspects. Furthermore, the present disclosure may take the form of a computer program product embodied on one or more computer-usable non-transitory storage media (including, but not limited to, disk storage, CD-ROM, optical storage, etc.) having computer-usable program code embodied therein.
The present disclosure is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the disclosure. It will be understood that functions specified in one or more of the flowcharts and/or one or more of the blocks in the block diagrams may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Although some specific embodiments of the present disclosure have been described in detail by way of example, it should be understood by those skilled in the art that the above examples are for illustration only and are not intended to limit the scope of the present disclosure. It will be understood by those skilled in the art that the foregoing embodiments may be modified and equivalents substituted for elements thereof without departing from the scope and spirit of the disclosure. The scope of the present disclosure is defined by the appended claims.

Claims (10)

1. A method of processing an application, comprising:
decompiling an Android application package to obtain a lib folder, a build.gradle file and a class file;
traversing the lib folder to obtain a first software development kit (SDK) file under the lib folder, wherein the first SDK file comprises a jar file and a so file;
identifying the content of the dependencies entry of the build.gradle file to obtain a second SDK file;
traversing the class file and extracting the package-import content by using keywords, so as to obtain a third SDK file that may be called by the Android application package;
acquiring a fourth SDK file that is actually called while the Android application package runs in a real-device sandbox; and
determining an SDK set of the Android application package for security detection, wherein the SDK set comprises the first SDK file and an SDK subset, and the SDK subset comprises the second SDK file, the third SDK file and the fourth SDK file.
2. The method of claim 1, further comprising:
performing security detection on the SDK set to obtain a security detection result;
calculating a first hash value of the Android application package; and
storing the security detection result in a database in association with the first hash value of the Android application package.
3. The method of claim 2, further comprising:
receiving a security detection request from a user for another Android application package;
calculating a second hash value of the other Android application package;
acquiring, from the database, the security detection result corresponding to the first hash value in the case that the second hash value is the same as the first hash value; and
sending the security detection result corresponding to the first hash value to the user.
4. The method of claim 1, further comprising:
calculating a first hash value of the Android application package;
determining, according to the first hash value, whether the SDK set of the Android application package exists in a database;
performing the decompiling of the Android application package in the case that the SDK set does not exist in the database; and
after determining the SDK set, storing the SDK set in the database in association with the first hash value.
5. The method of claim 3 or 4, wherein the first hash value comprises a SHA1 value.
6. An application processing apparatus, comprising:
a decompilation module configured to decompile an Android application package to obtain a lib folder, a build.gradle file and a class file;
a first traversing module configured to traverse the lib folder to obtain a first software development kit (SDK) file under the lib folder, wherein the first SDK file comprises a jar file and a so file;
an identification module configured to identify the content of the dependencies entry of the build.gradle file so as to obtain a second SDK file;
a second traversing module configured to traverse the class file and extract the package-import content by using keywords, so as to obtain a third SDK file that may be called by the Android application package;
a first acquisition module configured to acquire a fourth SDK file that is actually called while the Android application package runs in a real-device sandbox; and
a determining module configured to determine an SDK set of the Android application package for security detection, the SDK set including the first SDK file and an SDK subset, the SDK subset including the second SDK file, the third SDK file and the fourth SDK file.
7. The apparatus of claim 6, further comprising:
a detection module configured to perform security detection on the SDK set to obtain a security detection result;
a computing module configured to compute a first hash value of the Android application package; and
a storage module configured to store the security detection result in a database in association with the first hash value of the Android application package.
8. The apparatus of claim 7, further comprising:
a receiving module configured to receive a security detection request from a user for another Android application package;
the computing module being further configured to compute a second hash value of the other Android application package;
a second acquisition module configured to acquire, from the database, the security detection result corresponding to the first hash value in the case that the second hash value is the same as the first hash value; and
a sending module configured to send the security detection result corresponding to the first hash value to the user.
9. An application processing apparatus, comprising:
a memory; and
a processor coupled to the memory and configured to perform the method of any of claims 1-5 based on instructions stored in the memory.
10. A computer readable storage medium comprising computer program instructions, wherein the computer program instructions, when executed by a processor, implement the method of any of claims 1-5.
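The flow of claims 1 and 4, written out in Python as an added example (it is not code from the patent). It assumes the decompiler and sandbox outputs are already available as the constructed `SAMPLE` dictionary; the function names, the regular expressions and the platform-prefix filter are assumptions of this example.

```python
import hashlib
import re

DEP_RE = re.compile(r"""\b(?:implementation|api|compile)\b\s*\(?\s*['"]([^'"]+)['"]""")
IMPORT_RE = re.compile(r"^\s*import\s+(?:static\s+)?([\w.]+)\s*;", re.M)
PLATFORM = ("java.", "javax.", "android.", "androidx.", "kotlin.")  # assumed filter

def lib_sdks(paths):
    """First SDK files: .jar and .so entries found under lib/."""
    return {p.rsplit("/", 1)[-1] for p in paths
            if p.startswith("lib/") and p.endswith((".jar", ".so"))}

def gradle_sdks(build_gradle):
    """Second SDK files: coordinates declared in the dependencies block."""
    block = re.search(r"dependencies\s*\{(.*?)\n\}", build_gradle, re.S)
    return set(DEP_RE.findall(block.group(1))) if block else set()

def import_sdks(sources, app_package):
    """Third SDK files: imported packages that are neither platform nor app code."""
    found = set()
    for text in sources:
        for name in IMPORT_RE.findall(text):
            if not name.startswith(PLATFORM) and not name.startswith(app_package + "."):
                found.add(name.rsplit(".", 1)[0])  # drop the class name
    return found

def sdk_set(apk_bytes, artifacts, db, algo="sha1"):
    """Hash the package, reuse a stored SDK set, otherwise build and store it."""
    key = hashlib.new(algo, apk_bytes).hexdigest()
    if key in db:                       # claim 4: set already in the database
        return key, db[key], True
    subset = (gradle_sdks(artifacts["build_gradle"])
              | import_sdks(artifacts["sources"], artifacts["app_package"])
              | set(artifacts["sandbox_calls"]))   # fourth SDK files (runtime)
    db[key] = lib_sdks(artifacts["paths"]) | subset
    return key, db[key], False

# Constructed sample standing in for decompiler and sandbox output.
SAMPLE = {
    "paths": ["lib/arm64-v8a/libtracker.so", "lib/pay.jar", "res/layout/main.xml"],
    "build_gradle": "dependencies {\n    implementation 'com.example.ads:ads-sdk:1.2.0'\n"
                    "    api(\"org.example:push:3.1\")\n}\n",
    "sources": ["import java.util.List;\nimport com.example.ads.Banner;\n"
                "import com.demo.app.Util;\n"],
    "app_package": "com.demo.app",
    "sandbox_calls": ["com.example.dynamic"],
}
```

Claim 5 names SHA1, which is the default here. Because SHA-1 collisions are practical, a service that returns stored results by hash alone would normally pass `algo="sha256"` so that two different packages cannot share a key.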
Application number CN202110347307.9A; priority date 2021-03-31; filing date 2021-03-31; title: Application program processing method and device; status: Active; publication: CN115146264B (en)


Publications (2)

Publication Number Publication Date
CN115146264A (en) 2022-10-04
CN115146264B (en) 2024-11-12

Family

ID=83404337


Country Status (1)

Country Link
CN (1) CN115146264B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN106528421A (en) * 2016-11-09 2017-03-22 国网浙江省电力公司电力科学研究院 Method for processing SDKs in Android applications
CN111124486A (en) * 2019-12-05 2020-05-08 任子行网络技术股份有限公司 Method, system and storage medium for discovering android application to refer to third-party tool
CN112231697A (en) * 2020-11-05 2021-01-15 腾讯科技(深圳)有限公司 Third-party SDK behavior detection method, device, medium and electronic equipment

Family Cites Families (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108037928A (en) * 2017-12-13 2018-05-15 北京小米移动软件有限公司 Software development kit tools SDK detection method and device
CN108595192B (en) * 2018-05-08 2021-08-27 青岛海信宽带多媒体技术有限公司 Application program installation method and terminal equipment
CN111259382A (en) * 2018-11-30 2020-06-09 中国电信股份有限公司 Malicious behavior identification method, device and system and storage medium
CN111625232B (en) * 2020-05-29 2023-03-24 北京字节跳动网络技术有限公司 Method and device for generating application program installation package, readable medium and electronic equipment
CN112000339B (en) * 2020-07-09 2021-09-21 北京大学 Android APK file dependent component identification method and device
CN112287343B (en) * 2020-10-16 2024-06-25 深圳市和讯华谷信息技术有限公司 SDK monitoring method, device, computer equipment and storage medium
CN112148305B (en) * 2020-10-28 2024-09-10 腾讯科技(深圳)有限公司 Application detection method, device, computer equipment and readable storage medium




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant