Unlock instant, AI-driven research and patent intelligence for your innovation.

Vulnerability detection method and device for leaking private data in application programs

A technology for applications and private data, applied in the field of information security, which can solve problems such as failure to detect vulnerabilities that leak private data

Active Publication Date: 2017-02-15
BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO LTD
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

However, this method does not detect whether there is a vulnerability of leaking private data due to the setting of shared data in the application to be tested

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • Vulnerability detection method and device for leaking private data in application programs
  • Vulnerability detection method and device for leaking private data in application programs
  • Vulnerability detection method and device for leaking private data in application programs

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0024] The following will clearly and completely describe the technical solutions in the embodiments of the present invention with reference to the accompanying drawings in the embodiments of the present invention. Obviously, the described embodiments are only some, not all, embodiments of the present invention. Based on the embodiments of the present invention, all other embodiments obtained by persons of ordinary skill in the art without making creative efforts belong to the protection scope of the present invention.

[0025] In the embodiment of the present invention, the application program to be detected can be an application program based on a mobile phone operating system such as Android, Symbian or Apple IOS, or an application program based on a computer operating system, which is not limited in the embodiment of the present invention. For convenience of description, the embodiment of the present invention takes an application program based on an Android mobile phone op...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

The embodiment of the invention discloses a method for detecting private data leakage loopholes in an application program. The method includes the steps that a shared flag bit and the security level of a Content provider assembly in the application program to be detected are obtained; if the shared flag bit is a preset value and the security level is a preset security level, a proxy application program is instructed to have access to a shared file pointed by a first URI, so that the proxy application program is made to have access to a non-shared file pointed by a second URI; an access result generated after the proxy application program has access to the non-shared file is acquired, if access is successful, the condition that private data leakage loopholes exist in the application program to be detected is determined. The embodiment of the invention further discloses a device for detecting private data leakage loopholes in the application program. By the adoption of the method and device, whether the private data leakage loopholes exist in the application program to be detected or not can be automatically detected.

Description

technical field [0001] The present invention relates to the technical field of information security, in particular to a method and device for detecting vulnerabilities in application programs that leak private data. Background technique [0002] Usually, the private files of the application are not allowed to be accessed by any other files or any other applications except the application itself. Therefore, when the application needs to share a private file with other applications, the method often used It is to add a Content provider component to the application file, and then set different access permissions for other applications or files by configuring the shared flag and security level of the Content provider component. [0003] For example, if the content provider component is configured to share data, when the security level is "signatureOrSystem", it means that only system applications and applications with the same digital signature as this application can access the...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & Authority Patents(China)
IPC IPC(8): G06F21/57
CPCG06F21/577
Inventor 刘文柱沈江波张楠徐鸣
Owner BEIJING KINGSOFT INTERNET SECURITY SOFTWARE CO LTD