Android application classification authorization method for quantitative judgment of suspicious behaviors

Abstract

The invention discloses an android application classification authorization method for quantitative judgment of suspicious behaviors. According to the android application classification authorization method for quantitative judgment of suspicious behaviors, an existing android system authorization mechanism is improved from two aspects of assisting user authorization and refining authorization modes, wherein firstly, aiming at the situation that a large number of user privacy permissions are obtained by application programs and cross-border obtaining is very serious, from the aspects of safety and privacy, a suspicious behavior quantitative judgment scheme is provided, and when an application program is installed, a judgment result is presented to a user in a simple, concise and direct expression by checking an applied permission list and judging the security threat degree of the application program, so that the user is helped to make an authorization decision; and secondly, an existing coarse-grained authorization mode of full selection or non-full selection is improved, a classification authorization method is provided, for some privacy permissions, the user is allowed to flexibly authorize each permission, and meanwhile, the privacy information of the user is protected from being leaked while normal operation of the application program is ensured in a replacement mode.

Description

technical field [0001] The invention relates to an Android application classification authorization method, in particular to an Android application classification authorization method for quantitative evaluation of suspicious behaviors, and belongs to the technical field of Android application authorization. Background technique [0002] In the current mobile platform scene, Android is one of the most popular open source and customizable mobile operating systems. With the increasing complexity, functionality and convenience of smartphones, users are increasingly relying on them to store and process some personal information, users can find smartphone phone log information, and can obtain users' friends or family through the address book Member information, the user's browsing history can be obtained through the accessed Uri, and cached emails and photos taken by the built-in camera can also be obtained. Since these are all private information, it is natural to consider the s...

AI Technical Summary

Problems solved by technology

[0010] First, malicious applications will leak users' personal information without user authorization. The disorderly third-party application market and a large number of applications from unknown sources seriously threaten the security of users' mobile phones. In view of these threats of privacy leakage, there are It is necessary to take some measures to deal with malicious applications stealing user information. In the permission mechanism of the Android system, each important resource corresponds to a permission, and the application can only access the corresponding resource after obtaining the permission. When the application is installed, the Android The system will obtain a detailed permission description so that the user can know what information or access rights are required to run the application, and at the same time display these permission requests to the end user, allowing the user to decide whether to agree or refuse. The permissions assigned to the application can limit the application Programs are used for operations on smartphones. As for permissions, both malicious apps and legitimate apps can apply for access. It is difficult for users to identify threatening apps. Therefore, how to point out to users when they install apps The threat hidden in the application program and assisting the user to make an authorization decision are the pain points of the prior art and the problems solved by the present invention;

[0011] Second, if a user in the prior art wants to use a certain application program, the permission mechanism of Android requires the user to grant all permissions requested by the application program. Complete the installation, or deny all permissions and give up the installation. This coarse-grained control strategy makes the user have to accept some unnecessary or unreasonable permission requests in order to use a certain application. How to install the application? Improving the existing authorization mechanism of selecting all yes or selecting all no, allowing users to more flexibly authorize permission requests made by applications is a pain point in the prior art and a problem solved by the present invention;

[0012] Third, in the security mechanism of the Android system, there are many problems in the permission mechanism, mainly the following two problems: First, when the application is installed, the Android system will display the list of permissions applied for by the application to the user, and hand over the authorization task to the user , it is up to the user to decide whether to authorize. For the threat of the application, the user cannot draw conclusions intuitively, and can only make an authorization decision based on his own cognition and experience. The second method of decision-making is that although the Android system provides more than 100 kinds of permission labels to declare the corresponding permissions, its access control is coarse-grained. You can only choose to select all or select all when authorizing, which is obviously unreasonable for some Permission requests cannot be selectively rejected. In view of this problem, the present invention researches and implements a method for allowing users to install classified authorizations;

[0013] Fourth, malware in daily use is always masquerading as a legitimate application. It is difficult for users to perceive the malicious behavior performed by malware. When smartphone users realize the existence of malware, it is often too late. Has already caused harm to users, but in the existing Android permission mechanism, when installing applications, users can only rely on their own security awareness to decide whether to authorize, so as to decide whether to install or not

In the actual installation process, users usually do not carefully analyze the permissions applied for by the application, and even if the user checks carefully, it is difficult for ordinary users to completely match the permissions applied for with the functions of the application, because users generally do not use all functions. This makes it very difficult for users to identify redundant permission applications or malicious applications during installation. They often only decide whether to install based on their usage needs. Based on such user authorization difficulties, additional information is needed to help when installing applications. users make the right decisions

Images