A mobile application evaluation method and system

A mobile application and evaluation method technology, applied in error detection/correction, software testing/debugging, instruments, etc., can solve the problems of long evaluation cycle, heavy workload, neglect of security risk threats and losses, etc., to achieve short evaluation cycle, Avoid inconsistencies and evaluate the effects of low cost

Active Publication Date: 2022-07-29
中国移动通信集团内蒙古有限公司
View PDF4 Cites 0 Cited by
  • Summary
  • Abstract
  • Description
  • Claims
  • Application Information

AI Technical Summary

Problems solved by technology

[0004] First, business is more important than security, and there is a lack of unified security specifications: application developers or operating units put more investment and attention on business development, ignoring the threats and losses that may be caused by security risks. In addition, there is a lack of unified, Standard safety regulations lead to a large gap in safety protection methods and safety defense capabilities;
[0005] Second, the security level of application developers varies from good to bad, and their security protection capabilities are limited: application developers or developers are better at and focus on business development, and lack the ability to continuously research and apply security technologies in specific fields, resulting in "disease release" of applications The phenomenon of the application is ubiquitous, and attackers can exploit the vulnerability of the application itself to discover security attacks;
[0006] Third, the smart terminal operating system and components themselves have certain vulnerability risks
This method firstly requires high personal ability of the security technicians participating in the evaluation, and requires deep technical accumulation and certain processing experience in mobile application security; The cycle is also relatively long, and it cannot ensure that all risk points are fully covered
[0009] Second, the tool scan results are single, lacking intelligent judgment and analysis
At this stage, some security tools can directly scan mobile applications for risks, but the output results are mostly process data or intermediate results, and the automatic analysis ability is insufficient, requiring manual analysis and confirmation one by one, which will consume a lot of time and require security technicians Very familiar with the use of tools and related attributes, it is difficult to adapt to the characteristics of rapid iterative release of mobile application versions
[0010] Third, lack of automation and continuous security risk update mechanism
Due to the ever-changing mobile application technology, various new vulnerabilities continue to emerge. Relying on manual analysis or traditional tools cannot synchronize with the latest risk vulnerabilities, which may lead to fatal risks after mobile application evaluation
[0011] Fourth, the evaluation cycle is long, the workload is large, and the implementation cost is high
[0012] When using manual methods to evaluate mobile application security risks, there are high requirements for personnel's own security knowledge and proficiency in tools. All test results require direct manual intervention, so a large workload is required. and longer period, the overall implementation cost is higher
[0013] Therefore, with the rapid development of the mobile Internet and the increasingly serious threat of security risks, simply adopting a method based on manual evaluation of mobile application security risks can no longer meet the requirements for mobile application security risk control. Only by seeking a new solution can we guarantee The interests of users and application providers promote the sustainable development of the industry chain

Method used

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more

Image

Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
  • A mobile application evaluation method and system
  • A mobile application evaluation method and system
  • A mobile application evaluation method and system

Examples

Experimental program
Comparison scheme
Effect test

Embodiment Construction

[0046] In order to make the purposes, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly described below with reference to the drawings in the embodiments of the present invention. Obviously, the described embodiments are the Some, but not all, embodiments are disclosed. Based on the embodiments of the present invention, all other embodiments obtained by those of ordinary skill in the art without creative efforts shall fall within the protection scope of the present invention.

[0047] figure 1 A flowchart of a mobile application evaluation method provided by an embodiment of the present invention, such as figure 1 As shown, the method includes: S1, unpacking the installation package of the mobile application to be evaluated, to obtain characteristic information of the mobile application to be evaluated; S2, combining the characteristic information with the...

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

PUM

No PUM Login to View More

Abstract

Embodiments of the present invention provide a method and system for evaluating a mobile application. The method includes: unpacking an installation package of a mobile application to be evaluated to obtain feature information of the mobile application to be evaluated; combining the feature information with a preset In the baseline risk indicator library, the baseline indicators corresponding to multiple risk categories that need to be evaluated for the mobile application to be evaluated are respectively associated, and the feature information is detected by using the baseline indicators corresponding to each risk category to be evaluated, to obtain A detection result corresponding to each risk category to be evaluated; according to the detection result, determine the risk level of each risk category to be evaluated by the mobile application to be evaluated. The mobile application security evaluation baseline indicators and risk level calculation standards are unified, and there is no need to rely on the professional skill level of the evaluators, which avoids problems such as inconsistent evaluation methods, inconsistent evaluation standards, and omissions in the evaluation scope. The evaluation cycle is short and the evaluation cost is low.

Description

technical field [0001] Embodiments of the present invention relate to the field of mobile application security, and more particularly, to a mobile application evaluation method and system. Background technique [0002] With the rapid popularization of mobile Internet applications, the security threats faced are becoming increasingly severe. Especially in recent years, my country's mobile payment business has developed rapidly, and the huge profit space has prompted black industry organizations to attack mobile applications through tampering, secondary packaging, vulnerability exploitation, malicious attacks, etc., to destroy or steal illegal benefits. Serious damage to the interests of developers, operators and end users. Mobile applications have become one of the main entrances to Internet business. Due to the widespread application of mobile payment, the “profit-driven” characteristics of mobile application security attacks are very obvious. Due to the weak security protec...

Claims

the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More

Application Information

Patent Timeline
no application Login to View More
Patent Type & AuthorityPatents(China)
IPC IPC(8): G06F11/36
CPCG06F11/3692G06F21/577
Inventor康雅萍赵永安高妍陈熠乔栋孙卫国
Owner中国移动通信集团内蒙古有限公司