Template package detection method and server

By combining static and dynamic detection results, the application template package is modified in its source code and run in different sandbox environments to generate a target detection report. This solves the problem of inaccurate detection results in existing technologies and improves the security and privacy compliance of the application template package.

CN122365488APending Publication Date: 2026-07-10HUAWEI TECH CO LTD

Patent Information

Authority / Receiving Office
CN · China
Patent Type
Applications(China)
Current Assignee / Owner
HUAWEI TECH CO LTD
Filing Date
2025-01-10
Publication Date
2026-07-10

AI Technical Summary

Technical Problem

The existing static detection method using template packages cannot detect problems that occur during actual operation and there is a risk that the detection can be bypassed, resulting in low accuracy of the detection results.

Method used

By combining static and dynamic detection results, a compilable application package is generated by modifying the source code of the application template package. This package is then run in different sandbox environments to generate a dynamic detection report. Finally, a target detection report is generated by combining the static and dynamic detection reports.

Benefits of technology

It improves the reliability of security detection results for application template packages, discovers hidden malicious behaviors and runtime vulnerabilities, avoids anti-debugging and anti-analysis techniques, and enhances the security and privacy compliance of application template packages and applications that use them.

✦ Generated by Eureka AI based on patent content.

Smart Images

  • Figure CN122365488A_ABST
    Figure CN122365488A_ABST
Patent Text Reader

Abstract

This application provides an application template package detection method and server, relating to the field of terminal technology. This application can improve the reliability of the output detection report by combining static and dynamic detection results. The method includes: a server receiving an application template package sent by an electronic device; the server obtaining a static detection report of the application template package, which includes a first problem existing in the application template package during static detection; and the server generating an application package based on the application template package, running the application package, and generating a dynamic detection report of the application template package, which includes a second problem existing in the application package during dynamic operation. Subsequently, the server generates a target detection report of the application template package based on the static and dynamic detection reports.
Need to check novelty before this filing date? Find Prior Art

Description

Technical Field

[0001] This application relates to the field of terminal technology, and in particular to an application template package detection method and server. Background Technology

[0002] During application development, developers can pre-create application template packages that include code frameworks or code snippets. These template packages can be used to quickly launch a new application project or reused in an existing one. For example, if a developer uploads an application template package to a server and allows downloads, other developers can download the package to quickly build new applications and reduce repetitive work.

[0003] To prevent security issues in the application template package from being introduced into the application, the server can perform security checks on the application template package after obtaining it. Optionally, since the application template package is not a complete application, it cannot be directly compiled and run. The server typically uses static pattern matching to check the security of the application template package.

[0004] However, static detection methods may fail to detect problems that only arise during actual operation of applications built based on the application template package. Furthermore, some existing methods can bypass static detection methods such as pattern matching, resulting in low accuracy of static detection results. Summary of the Invention

[0005] To address the aforementioned technical problems, this application provides an application template package detection method and server. The technical solution provided by this application can combine static and dynamic detection results to improve the reliability of the output detection report.

[0006] To achieve the above-mentioned technical objectives, this application provides the following technical solution:

[0007] Firstly, a template package detection method is provided, applied to a server. The method includes: receiving an application template package sent by an electronic device; obtaining a static detection report of the application template package, the static detection report including a first problem existing in the application template package during static detection; generating an application package based on the application template package; running the application package and generating a dynamic detection report of the application template package, the dynamic detection report including a second problem existing in the application package during dynamic execution; and generating a target detection report of the application template package based on the static and dynamic detection reports.

[0008] In this way, the server can perform not only static analysis of application template packages but also dynamic analysis. By combining the results of static and dynamic analysis, it can discover hidden malicious behaviors, runtime vulnerabilities, and other security issues. Furthermore, it can counter anti-debugging and anti-analysis techniques, avoiding the low accuracy of detection results caused by some methods in existing technologies that can bypass static analysis methods such as pattern matching. Through more comprehensive and in-depth security and privacy analysis of application template packages, the security and privacy compliance of application template packages and applications using them are ultimately improved.

[0009] According to the first aspect, generating an application package from an application template package includes: modifying the source code in the application template package using a preset method to generate the application package; wherein, the preset method includes using pattern matching to perform compilability detection of the application template package and modification of the source code, or using manual methods to perform source code detection and modification.

[0010] Optionally, the application template package is provided in source code form, which supports flexible modification.

[0011] In this way, the server can modify the application template package to generate a dynamically detectable application package through a preset method, which facilitates the subsequent generation of dynamic detection reports. This avoids the problem of low reliability in the output detection reports due to the application template package's inability to perform dynamic detection.

[0012] According to the first aspect, or any implementation of the first aspect above, the pattern in the pattern matching method includes predefined rules, the predefined rules include that the structure of the application template package conforms to the corresponding application package body structure requirements, and / or that the resource files referenced by the source code files in the application template package exist in the application template package.

[0013] In this way, the server can perform compileability checks on the application template package using predefined rules in the template, identifying any discrepancies between the application template package and the template. The server then modifies the source code to correct these issues, outputting the modified source code. This modified source code can then be used to create a compileable application package, meeting the runtime requirements of subsequent application packages.

[0014] According to the first aspect, or any implementation of the first aspect above, generating an application package based on the application template package also includes: compiling and packaging the modified source code to generate the application package.

[0015] In this way, after compiling and packaging the modified source code, an application package that meets the requirements of dynamic detection can be generated, which facilitates the generation of dynamic detection reports for the application template package.

[0016] According to the first aspect, or any implementation of the first aspect above, the application package also includes a signature.

[0017] In this way, by signing the compiled and packaged application package, the integrity and identity of the application package can be identified based on the signature.

[0018] Based on the first aspect, or any implementation of the first aspect above, run the application package and generate a dynamic detection report for the application template package, including: running the application package and generating a detection report for the application package. Based on the code changes of the application package relative to the application template package, remove the problems introduced by the code changes in the application package's detection report and generate a dynamic detection report.

[0019] Optionally, since the server modifies the source code in the application template package to generate the application package and then performs a dynamic detection process, the detection report of the application package obtained by the server may contain issues in the modified source code that are not part of the application template package's source code. Therefore, the server needs to remove these issues to obtain a dynamic detection report corresponding to the application template package.

[0020] Thus, the problems included in the final dynamic detection report are all caused by the execution of the source code in the application template package.

[0021] According to the first aspect, or any implementation of the first aspect above, run the application package and generate a dynamic detection report of the application template package, including: running the application package in different types of sandbox environments and generating a dynamic detection report of the application template package.

[0022] Optionally, the server can pre-configure various types of sandbox environments. After installing an application package within a sandbox environment, the server can perform dynamic testing of the application in different runtime environments. Optionally, the server can generate different dynamic testing reports for different types of sandbox environments; or, generate a single dynamic testing report.

[0023] In this way, by running in different types of sandbox environments, the problem of not being able to discover the performance of application template packages on different devices is avoided.

[0024] According to the first aspect, or any implementation of the first aspect above, the static detection report includes at least one of the following: permission analysis results, first sensitive data leakage analysis results, vulnerability analysis results, malicious code detection results, or first security configuration assessment results. The dynamic detection report includes at least one of the following: runtime behavior analysis results, network communication analysis results, second sensitive data leakage analysis results, malicious behavior detection results, or second security configuration assessment results.

[0025] According to the first aspect, or any implementation of the first aspect above, the first problem includes at least one of the following: a problem with the indication of permission analysis results, a problem with the indication of the indication of first sensitive data leakage analysis results, a problem with the indication of vulnerability analysis results, a problem with the indication of malicious code detection results, or a problem with the indication of first security configuration assessment results. The second problem includes at least one of the following: a problem with the indication of runtime behavior analysis results, a problem with the indication of network communication analysis results, a problem with the indication of the indication of second sensitive data leakage analysis results, a problem with the indication of malicious behavior detection results, or a problem with the indication of second security configuration assessment results.

[0026] In this way, by conducting static and dynamic tests on various testing items, a more comprehensive security test of the application template package can be achieved.

[0027] According to the first aspect, or any implementation of the first aspect above, obtain the static detection report of the application template package, including: matching the application template package through a predefined pattern to obtain the static detection report of the application template package.

[0028] Optionally, the predefined template may include one or more potential issues such as permission analysis, sensitive data leakage analysis, vulnerability analysis, malicious code detection, or security configuration assessment.

[0029] In this way, by using pattern matching, problems in the application template package during static analysis were discovered.

[0030] Based on the first aspect, or any implementation of the first aspect above, a target detection report for the application template package is generated based on the static detection report and the dynamic detection report, including: merging identical detection items in the static detection report and the dynamic detection report to generate a target detection report for the application template package.

[0031] In some embodiments, the same detection items exist in both the static and dynamic detection reports. In this case, the server can merge the identical detection items from the static and dynamic reports to generate the target detection report for the application template package. For example, the server can merge the detection results of identical detection items from the two reports to generate the target detection report, ensuring that the target detection report has complete detection results without causing redundancy in the detection items.

[0032] According to the first aspect, or any implementation of the first aspect above, the target detection report also includes the scan log of the application template package. The scan log records all steps of static detection and dynamic detection and their corresponding execution times in chronological order. Static detection is used to generate a static detection report, and dynamic detection is used to generate a dynamic detection report.

[0033] Thus, scanning the logs makes it easier to understand the entire detection process of the application template package.

[0034] Secondly, a server is provided. The server includes a processor and a memory. The memory is coupled to the processor and stores computer program code, including computer instructions. When the processor reads the computer instructions from the memory, the server executes the following: receiving an application template package sent by an electronic device; obtaining a static detection report of the application template package, the static detection report including a first problem existing in the application template package during static detection; generating an application package based on the application template package; running the application package and generating a dynamic detection report of the application template package, the dynamic detection report including a second problem existing in the application package during dynamic execution; and generating a target detection report of the application template package based on the static and dynamic detection reports.

[0035] According to the second aspect, generating an application package based on an application template package includes: modifying the source code in the application template package using a preset method to generate the application package; wherein, the preset method includes using pattern matching to perform compilability detection of the application template package and modification of the source code, or using manual methods to perform source code detection and modification.

[0036] According to the second aspect, or any implementation of the second aspect above, the pattern in the pattern matching method includes predefined rules, the predefined rules include that the structure of the application template package conforms to the corresponding application package body structure requirements, and / or that the resource files referenced by the source code files in the application template package exist in the application template package.

[0037] According to the second aspect, or any implementation of the second aspect above, generating an application package based on the application template package also includes: compiling and packaging the modified source code to generate the application package.

[0038] According to the second aspect, or any implementation of the second aspect above, the application package also includes a signature.

[0039] Based on the second aspect, or any implementation of the second aspect above, run the application package and generate a dynamic detection report for the application template package, including: running the application package and generating a detection report for the application package. Based on the code changes of the application package relative to the application template package, remove the problems introduced by the code changes in the application package's detection report and generate a dynamic detection report.

[0040] According to the second aspect, or any implementation of the second aspect above, run the application package and generate a dynamic detection report of the application template package, including: running the application package in different types of sandbox environments and generating a dynamic detection report of the application template package.

[0041] According to the second aspect, or any implementation of the second aspect above, the static detection report includes at least one of the following: permission analysis results, first sensitive data leakage analysis results, vulnerability analysis results, malicious code detection results, or first security configuration assessment results. The dynamic detection report includes at least one of the following: runtime behavior analysis results, network communication analysis results, second sensitive data leakage analysis results, malicious behavior detection results, or second security configuration assessment results.

[0042] According to the second aspect, or any implementation of the second aspect above, the first problem includes at least one of the following: a problem with the indication of permission analysis results, a problem with the indication of the indication of first sensitive data leakage analysis results, a problem with the indication of vulnerability analysis results, a problem with the indication of malicious code detection results, or a problem with the indication of first security configuration assessment results. The second problem includes at least one of the following: a problem with the indication of runtime behavior analysis results, a problem with the indication of network communication analysis results, a problem with the indication of the indication of the second sensitive data leakage analysis results, a problem with the indication of malicious behavior detection results, or a problem with the indication of second security configuration assessment results.

[0043] According to the second aspect, or any implementation of the second aspect above, obtain the static detection report of the application template package, including: matching the application template package through a predefined pattern to obtain the static detection report of the application template package.

[0044] Based on the second aspect, or any implementation of the second aspect above, a target detection report for the application template package is generated based on the static detection report and the dynamic detection report, including: merging identical detection items in the static detection report and the dynamic detection report to generate a target detection report for the application template package.

[0045] According to the second aspect, or any implementation of the second aspect above, the target detection report also includes the scan log of the application template package. The scan log records all steps of static detection and dynamic detection and their corresponding execution times in chronological order. Static detection is used to generate a static detection report, and dynamic detection is used to generate a dynamic detection report.

[0046] Thirdly, a server is provided that has the functionality to implement the methods described in the first aspect and any of their possible implementations. This functionality can be implemented in hardware or by hardware executing corresponding software. The hardware or software includes one or more modules corresponding to the described functionality.

[0047] Fourthly, a computer-readable storage medium is provided. The computer-readable storage medium stores a computer program (also referred to as instructions or code) that, when executed by a server, causes the server to perform the method of the first aspect or any embodiment of the first aspect.

[0048] Fifthly, a computer program product is provided that, when run on a server, causes the server to execute the method of the first aspect or any one of the embodiments of the first aspect.

[0049] In a sixth aspect, a circuit system is provided, the circuit system including processing circuitry configured to perform the method of the first aspect or any embodiment of the first aspect.

[0050] In a seventh aspect, a chip system is provided, including at least one processor and at least one interface circuit, wherein the at least one interface circuit is used to perform transceiver functions and send instructions to the at least one processor, and when the at least one processor executes the instructions, the at least one processor performs the method of the first aspect or any embodiment of the first aspect.

[0051] The technical effects of the aforementioned aspects can be referenced from each other, and will not be elaborated further here. Attached Figure Description

[0052] Figure 1 This is a schematic diagram of the static detection process of the application template package provided in the embodiments of this application;

[0053] Figure 2 A schematic diagram of the communication system used in the application template packet detection method provided in this embodiment of the application;

[0054] Figure 3 A schematic diagram of the hardware structure of the server provided in an embodiment of this application;

[0055] Figure 4 This is a schematic diagram of module interaction provided in an embodiment of this application;

[0056] Figure 5 Schematic diagram of the application template package detection method provided in the embodiments of this application Figure 1 ;

[0057] Figure 6 This is a schematic diagram of the basic package structure of the HarmonyOS application provided in the embodiments of this application;

[0058] Figure 7 This is a schematic diagram of the development-state application engineering structure of the HarmonyOS application template package provided in the embodiments of this application;

[0059] Figure 8 This is a schematic diagram of the interface provided for an embodiment of this application;

[0060] Figure 9 Schematic diagram of the application template package detection method provided in the embodiments of this application Figure 2 ;

[0061] Figure 10 This is a schematic diagram of the server structure provided in an embodiment of this application. Detailed Implementation

[0062] The technical solutions of the embodiments of this application are described below with reference to the accompanying drawings. In the description of the embodiments of this application, the terminology used in the following embodiments is for the purpose of describing specific embodiments only and is not intended to be a limitation of this application. As used in the specification and appended claims of this application, the singular expressions “a,” “an,” “the,” “the,” “the,” and “this” are intended to include expressions such as “one or more,” unless the context clearly indicates otherwise. It should also be understood that in the following embodiments of this application, “at least one” and “one or more” refer to one or more (including two).

[0063] References to "one embodiment" or "some embodiments" in this specification mean that one or more embodiments of this application include a specific feature, structure, or characteristic described in connection with that embodiment. Therefore, the phrases "in one embodiment," "in some embodiments," "in other embodiments," "in still other embodiments," etc., appearing in different parts of this specification do not necessarily refer to the same embodiment, but rather mean "one or more, but not all, embodiments," unless otherwise specifically emphasized. The terms "comprising," "including," "having," and variations thereof mean "including but not limited to," unless otherwise specifically emphasized. The term "connection" includes direct connections and indirect connections, unless otherwise stated. "First" and "second" are used for descriptive purposes only and should not be construed as indicating or implying relative importance or implicitly specifying the number of technical features indicated.

[0064] In the embodiments of this application, the words "exemplarily" or "for example" are used to indicate examples, illustrations, or explanations. Any embodiment or design described as "exemplarily" or "for example" in the embodiments of this application should not be construed as being more preferred or advantageous than other embodiments or design solutions. Specifically, the use of the words "exemplarily" or "for example" is intended to present the relevant concepts in a specific manner.

[0065] In some embodiments, the application template package may include, for example, code frameworks or code snippets that implement predefined functions and structures, allowing developers to customize and extend them. Optionally, the application template package may include, for example, user interface elements, business logic, data models, network communication modules, etc.

[0066] Optionally, the application template package can also be described as a template package, initialization template package, project template package, development base, etc., and this application embodiment does not limit this. The following uses the application template package as an example to introduce the application template package detection method provided in this application embodiment.

[0067] In some examples, an application template package can be used by at least one application. Therefore, if the application template package contains security issues, such as security vulnerabilities or privacy compliance issues, these security problems could be introduced into applications created based on that template package. Thus, it is necessary to detect security issues in application template packages.

[0068] Alternatively, since the application template package is not a complete application, it cannot be compiled and run directly. Servers typically use static pattern matching to detect security issues in the application template package.

[0069] For example, such as Figure 1As shown, the server can obtain the application template package uploaded by the developer's electronic device. This application template package is provided in the form of source code (as in step S101). Then, the server performs static analysis on the application template package through pattern matching (as in step S102). Optionally, during the static analysis process, the server can perform lexical, syntactic, and semantic analysis on the source code in the obtained application template package. Lexical analysis converts the source code in the application template package into individual tags, removes whitespace and comments, thereby decomposing the source code into basic lexical units. Syntactic analysis organizes the tags obtained from lexical analysis into an abstract syntax tree according to grammatical rules, thereby verifying whether the source code conforms to the grammatical rules and providing a structured representation of the source code for subsequent detection processes. Semantic analysis can check for semantic errors, type errors, and other issues in the source code. Optionally, the server can also obtain predefined patterns that describe potential security issues. For example, this pattern can be used to match potential security issues in code including function calls, application programming interface (API) usage, and sensitive data processing. The server can then match predefined patterns against the source code in the application template package to identify potential security issues. During the matching process, the server can use regular expressions to detect specific string patterns or rules. Examples include sensitive permissions requested by the source code, stored sensitive information, implanted malicious code, and dependencies on third-party libraries. Alternatively, the server can analyze the syntactic structure generated by syntax analysis to prevent common security vulnerabilities such as Structured Query Language (SQL) injection and cross-site scripting attacks. The server can also use semantic information obtained from syntax analysis to identify potential logical vulnerabilities and business logic errors. Finally, the server can generate a report based on the issues identified during pattern matching (as in step S103). This report allows the server to determine whether to allow the application template package to be uploaded for download by other electronic devices, preventing developers from using application template packages with security issues to develop other applications and compromise application security.

[0070] It can be seen that static detection methods may fail to detect problems that only occur during actual operation of applications built based on the application template package. Furthermore, some existing methods can bypass static detection methods such as pattern matching, resulting in low accuracy of static detection results. In addition, static detection methods cannot simulate the behavior of software running on different operating systems or devices, thus failing to detect the performance of the application template package on different devices, posing a security risk.

[0071] Therefore, this application provides a template package detection method that can combine static and dynamic detection results to improve the reliability of the output detection report.

[0072] Figure 2 This application is a schematic diagram of a communication system in which the application template packet detection method provided in the embodiments of this application is applied. For example... Figure 2 As shown, the communication system includes a server 100 and an electronic device 200.

[0073] Optionally, server 100 can be a device or server with computing capabilities, such as a cloud server or a network server. Server 100 can be a single server, a server cluster consisting of multiple servers, or a cloud computing service center.

[0074] Optionally, the electronic device 200 may be a personal computer (PC), tablet computer, mobile phone, smart screen, wearable device (such as smartwatch, smart bracelet, etc.), in-vehicle system, ultra-mobile personal computer (UMPC), netbook, personal digital assistant (PDA), artificial intelligence (AI) device, and other terminal devices. The operating system installed on the electronic device 200 includes, but is not limited to, the following: Alternatively, other operating systems may be used. This application does not limit the specific type of electronic device 200 or the operating system installed on it.

[0075] In some embodiments, the electronic device 200 is, for example, a device used by a developer. Based on the developer's operation, the electronic device 200 can send a completed application template package to the server 100. Correspondingly, the server 100 can receive the application template package. Then, the server 100 can perform static and dynamic detection on the application template package and output a detection report.

[0076] Optionally, the server 100 and electronic device 200 in this embodiment can be implemented using different devices. These different devices can have the same, similar, or somewhat different hardware structures, for example... Figure 3 The hardware structure shown.

[0077] For example, server 100 has such Figure 3 Taking the hardware structure shown as an example, for Figure 3 The hardware structure shown will be explained.

[0078] Server 100 includes at least one processor 301, a communication line 302, a memory 303, and at least one communication interface 304. The memory 303 may also be included within the processor 301.

[0079] The processor 301 may be a general-purpose central processing unit (CPU), a microprocessor, an application-specific integrated circuit (ASIC), or one or more integrated circuits used to control the execution of the program of the present application.

[0080] Communication line 302 may include a path for transmitting information between the aforementioned components.

[0081] Communication interface 304 is used for communication with other devices. In this embodiment, the communication interface can be a module, circuit, bus, interface, transceiver, or other device capable of communication functions, used for communication with other devices. Optionally, when the communication interface is a transceiver, the transceiver can be a separately configured transmitter used to send information to other devices, or it can be a separately configured receiver used to receive information from other devices. The transceiver can also be a component that integrates sending and receiving information functions; this embodiment does not limit the specific implementation of the transceiver.

[0082] Memory 303 may be a read-only memory (ROM) or other type of static storage device capable of storing static information and instructions, random access memory (RAM) or other type of dynamic storage device capable of storing information and instructions, or electrically erasable programmable read-only memory (EEPROM), compact disc read-only memory (CD-ROM) or other optical disc storage, optical disk storage, magnetic disk storage media or other magnetic storage devices, or any other medium capable of carrying or storing desired program code in the form of instructions or data structures and accessible by a computer, but not limited thereto. Memory may exist independently and be connected to the processor via communication line 302. Memory may also be integrated with the processor.

[0083] The memory 303 stores computer execution instructions for implementing the solution of this application, and its execution is controlled by the processor 301. The processor 301 executes the computer execution instructions stored in the memory 303, thereby implementing the application template package detection method provided in the following embodiments of this application.

[0084] Optionally, the computer execution instructions in the embodiments of this application may also be referred to as application code, instructions, computer program or other names, and the embodiments of this application do not specifically limit them.

[0085] In a specific implementation, as one example, processor 301 may include one or more CPUs, for example... Figure 3 CPU0 and CPU1 in the CPU.

[0086] In a specific implementation, as one example, server 100 may include multiple processors, for example... Figure 3 Processors 301 and 307 are described herein. Each of these processors may be a single-core (single-CPU) processor or a multi-core (multi-CPU) processor. A processor here may refer to one or more devices, circuits, and / or processing cores used to process data (e.g., computer program instructions).

[0087] In a specific implementation, as one embodiment, server 100 may further include an output device 305 and an input device 306. The output device 305 communicates with the processor 301 and can display information in various ways. For example, the output device 305 may be a liquid crystal display (LCD), a light-emitting diode (LED) display device, a cathode ray tube (CRT) display device, or a projector, etc. The input device 306 communicates with the processor 301 and can receive user input in various ways. For example, the input device 306 may be a mouse, keyboard, touchscreen device, or sensing device, etc.

[0088] It is understood that the embodiments illustrated in this application are as follows: Figure 3 The structure does not constitute the only limitation on the structural implementation of server 100 or electronic device 200. In other embodiments of this application, server 100 or electronic device 200 may include more or fewer components than illustrated, or combine some components, or split some components, or have different component arrangements. The illustrated components may be implemented in hardware, software, or a combination of software and hardware.

[0089] The following section provides a detailed description of the application template package detection method provided in the embodiments of this application.

[0090] In some embodiments, after receiving an application package uploaded by an electronic device 200, the server 100 may perform a security check on the application package. Only after passing the security check is the application package allowed to be uploaded for download and use by other electronic devices, thereby ensuring the security of the application running corresponding to the application package.

[0091] Optionally, the application may have one or more security issues, such as data collection and sharing problems, permission abuse problems, insecure data transmission problems, malware and virus problems.

[0092] For example, during operation, an application may collect personal information and usage data such as user names, contact information, and geographical location. This personal information and usage data may be shared or sold by application developers or third parties, thereby posing a risk of privacy breaches and misuse.

[0093] For example, during operation, an application may request excessive permissions, such as access to contacts, SMS messages, and camera. If an application abuses these permissions after obtaining them, it may lead to the leakage of user privacy or malicious exploitation.

[0094] For example, applications may have security vulnerabilities during data transmission. For instance, if an application transmits unencrypted data, it could be stolen or tampered with by hackers.

[0095] For example, an application might contain malware or viruses. During operation, these could potentially steal sensitive data such as users' personal information and passwords.

[0096] All of the above issues may affect the security of users' use of the application. To address this, upon receiving the application package, the server can perform security checks to address any security concerns. Optionally, there are various security checks, which can generally be categorized into two main types: static checks and dynamic checks.

[0097] Optionally, static analysis refers to the process by which a server discovers potential security vulnerabilities by examining source code or binary files without running the code. The application template package is provided in source code form, while the application package is provided in binary file form.

[0098] Optionally, dynamic detection refers to running the application on a cloud phone or real device with a sandbox system installed, and using dynamic debugging tools or automated attack scripts to dynamically simulate attacks on the application, based on vulnerability and risk triggering principles. By detecting the application's operation, the risks and vulnerabilities present in the application can be verified.

[0099] In some embodiments, the code frameworks or code snippets included in the application template package cannot constitute a complete application. Therefore, after obtaining the application template package, the server can only perform security checks on it through static detection. After passing the static detection, the server can upload the application template package for other electronic devices to download. As mentioned above, relying solely on static detection has the problem of unreliable security detection results. Therefore, in the application template package detection method provided in this application embodiment, the application template package can be modified to transform it into a compileable and runnable application package, thereby achieving dynamic detection. In this way, combining the static and dynamic detection results improves the reliability of the security detection results of the application template package.

[0100] The following section introduces the implementation method of combining static and dynamic detection.

[0101] In some embodiments, the electronic device 200 may upload an application template package to the server 100 according to the developer's operation. Correspondingly, the server 100 receives the application template package sent by the electronic device 200. The server 100 then performs security checks on the application template package. During the checks, the server 100 can perform both static and dynamic checks on the application template package. By combining the static and dynamic check results, the server 100 can output a more accurate and comprehensive check report.

[0102] For example, such as Figure 4 As shown, server 100 receives the application template package uploaded by electronic device 200. Then, the distribution module in server 100 can send the application template package to the static detection module and the source code modification module respectively, thereby triggering the static detection process and the dynamic detection process of the application template package.

[0103] Upon receiving the application template package, the static analysis module performs static analysis on it using methods such as pattern matching to generate a static analysis report. This report is then sent to the distribution module.

[0104] It should be understood that the static detection process can refer to existing technologies, and will not be described in detail in the embodiments of this application. For example, the static detection module can be implemented through, for example, Figure 1 The method shown performs static testing on the application template package.

[0105] The application template package is provided in source code form, allowing for flexible modification; while the software development kit (SDK) used to support application download and execution is provided in binary form. Optionally, the SDK can also be described as an application package. Furthermore, as mentioned above, the application template package includes code frameworks or code snippets, and is not a complete application, therefore it cannot be directly compiled and run. Therefore, after obtaining the application template package, the source code modification module can modify it at the source code level, transforming it into the relevant code for a compilable application package. The source code modification module then sends the modified source code to the compilation and signing module. The compilation and signing module packages and signs the modified source code and sends the packaged and signed application package to the dynamic detection module. The dynamic detection module then runs the application package and outputs a detection report. Optionally, the dynamic detection module can feed back the detection report to the source code modification module. Optionally, after receiving the detection report of the application package, the source code modification module can, based on the aforementioned source code modifications, remove the problems introduced by the source code modifications in the detection report of the application package to generate a dynamic detection report for the application template package. Then, the source code modification module can send this dynamic detection report to the distribution module.

[0106] Subsequently, the distribution module can generate a target detection report for the application template package based on the received static and dynamic detection reports.

[0107] Optionally, server 100 can output a target detection report generated by the distribution module. In this way, the target detection report includes both static and dynamic detection issues of the application template package, enabling in-depth analysis of the application template package and ultimately improving the security and privacy compliance of the application template package and the applications using it.

[0108] The following section provides a detailed description of the detection process for application template packages.

[0109] Figure 5 This is a flowchart illustrating an application template package detection method provided in an embodiment of this application. It should be noted that this method does not rely on... Figure 5 The specific order described below is a limitation. It should be understood that in other embodiments, the order of some steps in the method can be interchanged according to actual needs, or some steps can be omitted or deleted. The method includes the following steps:

[0110] S501, Server 100 receives the application template package uploaded by electronic device 200.

[0111] In some embodiments, developers can create application template packages as needed. These template packages include pre-written code frameworks or code snippets to implement predefined functions. The electronic device 200 uploads the completed application template package to the server 100 based on user input. Correspondingly, the server 100 can receive the application template package uploaded by the electronic device 200.

[0112] Optionally, this application embodiment takes the application template package of HarmonyOS as an example to provide a detailed description of the detection method of the application template package.

[0113] For example, Figure 6 This is a schematic diagram of the basic package structure of the HarmonyOS application provided in an embodiment of this application. Figure 6 As shown, the basic package structure includes an AppScope directory, an Entry Module, and zero or more Feature Modules.

[0114] The configuration files in the AppScope directory are used to declare the application's global configuration information. This includes things like the application bundle name, application name, application icon, and application version number.

[0115] Entry modules are typically used to implement the application's entry interface, entry icon, and main functionalities. The `entry>src>main>resources` directory stores the resource files needed by this module. The `entry>src>main>ets` directory stores the module's ArkTS source code files (e.g., `.ets` files). Source code files can reference files in the resource files, provided the resource files exist.

[0116] Feature Modules are typically used to implement application features, and their specific directory functions are similar to those of Entry Modules.

[0117] In some embodiments, the application template package is an incomplete application package. Therefore, based on the above description of the basic package structure of HarmonyOS applications, the application template package obtained by server 100 is, for example, a part of this basic package structure.

[0118] For example, Figure 7 This is a schematic diagram of the development-state application project structure of the HarmonyOS application template package provided in this embodiment of the application. Figure 7 As shown, this application template package includes only one Feature Module. It can be seen that, compared to... Figure 6The basic package structure of the HarmonyOS application shown is missing the AppScope directory and the configuration files under the AppScope directory, as well as the Entry Module.

[0119] Alternatively, for example, the application template package is used to build such as Figure 8 The interface shown is a commonly used information flow interface. For example, after the application template package is implemented in the application, it can display something like this. Figure 8 The interface shown. Among them, as shown... Figure 7 As shown in the application project structure, the source code under feature>src>main>ets in the application template package needs to reference the images under feature>src>main>resources to achieve the desired display. Figure 8 The images shown in the interface. In the application template package detection method provided in this embodiment, the image resources in the application template package only include... Figure 8 Using the example of a partial image in the interface shown, where another portion of the images are missing, we will introduce the detection process for subsequent application template packages.

[0120] In some embodiments, after obtaining the application template package, the server 100 can perform static detection and dynamic detection on the application template package. The static detection process of the application template package is described below through step S502; the dynamic detection process of the application template package is described through steps S503-S504. It should be understood that the embodiments of this application do not limit the order in which the static detection process and the dynamic detection process are executed, that is, the embodiments of this application do not limit the order in which steps S502 and steps S503-S504 are executed.

[0121] The static detection process of the application template package is described in detail below.

[0122] S502, Server 100 obtains the static detection report of the application template package.

[0123] In some embodiments, after receiving the application template package, the server 100 can perform static detection on the application template package using static detection methods such as pattern matching to generate a static detection report for the application template package.

[0124] For example, refer to Figure 1 As shown, server 100 can match the application template package with a predefined template and obtain a static detection report of the application template package.

[0125] Optionally, static analysis may include one or more of the following: permission analysis, sensitive data leakage analysis, vulnerability analysis, malware detection, or security configuration assessment. Optionally, predefined templates may include potential issues arising from one or more of the following: permission analysis, sensitive data leakage analysis, vulnerability analysis, malware detection, or security configuration assessment.

[0126] The permission analysis function is used to detect the permissions requested by the application template package and to provide an explanation and evaluation of each permission.

[0127] Sensitive data breach analysis is used to detect whether sensitive information is stored or transmitted in plaintext within application template packages. Optionally, sensitive information may include passwords, API keys, etc.

[0128] Vulnerability analysis is used to detect common vulnerabilities that may exist in application template packages, such as SQL injection and cross-site scripting attacks.

[0129] Malicious code detection is used to detect whether there is known malicious code or malicious behavior in the application template package.

[0130] Security configuration assessment is used to evaluate the security configuration of application template packages, such as whether data encryption is enabled and whether debug flags are present.

[0131] Optionally, the static detection report may include at least one of the following: permission analysis results, first sensitive data leakage analysis results, vulnerability analysis results, malicious code detection results, or first security configuration assessment results.

[0132] It should be understood that the embodiments of this application do not impose specific limitations on the content included in the static detection report. For example, static detection may also include dependency analysis. Therefore, the static detection report may also include dependency analysis results. In this case, dependency analysis is used, for example, to detect whether the application template package has dependencies on SDKs, third-party libraries, etc.

[0133] Optionally, the static detection report includes a first problem identified in the application template package during the static detection process. Optionally, the first problem includes at least one of the following: a problem indicated by the permission analysis results, a problem indicated by the first sensitive data leakage analysis results, a problem indicated by the vulnerability analysis results, a problem indicated by the malicious code detection results, or a problem indicated by the first security configuration assessment results.

[0134] Optionally, such as Figure 9 As shown, step S502 includes, for example, steps S901-S903.

[0135] S901, The distribution module sends the application template package to the static detection module.

[0136] In some embodiments, after obtaining the application template package uploaded by the electronic device 200, the distribution module can send the application template package to the static detection module. Correspondingly, the static detection module can receive the application template package sent by the distribution module to trigger the static detection process of the application template package.

[0137] S902 The static detection module generates a static detection report for the application template package through static detection.

[0138] In some embodiments, after receiving the application template package, the static detection module can perform static detection on the application template package. Optionally, static detection methods may include, for example, pattern matching.

[0139] For example, based on Figure 7 The application template package shown in the table below demonstrates an application engineering structure. The static detection module can generate a static detection report, as shown in Table 1. This report indicates that the application template package has permission abnormalities, such as allowing applications created based on it to read contact data. It also indicates that the application template package has sensitive data leakage issues, such as the presence of plaintext keys. Furthermore, the report states that no abnormalities were detected in the application template package during vulnerability analysis, malware detection, and security configuration assessment. It can be seen that the first problems indicated by this static detection report in the application template package during static detection include: permission abnormalities indicated by the permission analysis results and sensitive data leakage issues indicated by the first sensitive data leakage analysis results.

[0140] Table 1

[0141]

[0142] S903, The static detection module sends a static detection report to the distribution module.

[0143] In some embodiments, after generating a static detection report, the static detection module can send the static detection report to the distribution module. Correspondingly, the distribution module receives the static detection report sent by the static detection module.

[0144] The following is a detailed description of the dynamic detection process of the application template package.

[0145] S503 and Server 100 generate application packages based on application template packages.

[0146] S504, Server 100 runs the application package and generates a dynamic detection report for the application template package.

[0147] In some embodiments, after receiving the application template package, the server 100 can modify the source code in the application template package using a preset method to generate a corresponding application package based on the application template package. Optionally, the application package is a compileable and runnable application package.

[0148] Optionally, the preset methods may include using pattern matching to perform compileability testing of the application template package and automated modification of the source code, or using manual methods to test and modify the source code. In this way, the server 100 can use preset methods to modify the application template package to generate a dynamically detectable application package, facilitating the subsequent generation of dynamic detection reports. This avoids the problem of low reliability in the output detection report due to the application template package's inability to be dynamically detected.

[0149] For example, server 100 performs compileability detection on application template packages using template matching. Optionally, the predefined rules in this pattern may include, for example, rule A and / or rule B. Rule A, for example, specifies that the directory structure of the application template package conforms to... Figure 6 The diagram shows the basic package structure of a HarmonyOS application. Rule B, for example, states that when a source code file in a FeatureModule (or Entry Module) of an application template package references a file in a resource file, the resource file exists. Taking a FeatureModule as an example, within the FeatureModule, the `feature>src>main>resources` directory stores the resource files needed by the module; `feature>src>main>ets` stores the module's ArkTS source code files.

[0150] Then, server 100 can perform compileability checks on the application template package using predefined rules A and B in the template, identifying any discrepancies between the application template package and the template. Afterward, server 100 automatically modifies the source code to correct these discrepancies and outputs the modified source code.

[0151] For example, server 100 can display the application project structure of the application template package, as well as related information. Then, users can manually inspect and modify the source code based on the content displayed by server 100.

[0152] Based on the above method, server 100 can obtain the modified source code, and then server 100 can package, compile, and sign the modified source code to generate an application package. Afterwards, server 100 can run the application package to output a test report.

[0153] Optionally, since server 100 modifies the source code in the application template package to generate the application package and then performs a dynamic detection process, the detection report of the application package obtained by server 100 may contain issues in the modified source code that are not part of the application template package's source code. Therefore, server 100 needs to remove these issues to obtain a dynamic detection report corresponding to the application template package. For example, server 100 may remove issues introduced by code changes in the application package's detection report based on the code changes of the application package relative to the application template package, and then generate a dynamic detection report.

[0154] Optionally, the dynamic detection report includes a second problem existing in the application package during dynamic operation. As described in step S502 above, the static detection report includes a first problem existing in the application template package during static detection. Optionally, the first problem and the second problem may be different or partially the same. Alternatively, the first problem and the second problem may be completely identical. It should be understood that the first problem and / or the second problem can be empty; for example, if no problem is detected during static and / or dynamic detection, the detection result of the corresponding detection item is "no abnormality detected".

[0155] Optionally, such as Figure 9 As shown below, the dynamic detection process of the application template package described in steps S503-S504 will be described in detail through steps S904-S912.

[0156] S904. The distribution module sends the application template package to the source code modification module.

[0157] In some embodiments, after obtaining the application template package uploaded by the electronic device 200, the distribution module can send the application template package to the source code modification module. Correspondingly, the source code modification module can receive the application template package sent by the distribution module to trigger a dynamic detection process for the application template package.

[0158] It should be understood that the execution order of steps S901 and S904 is not limited in the embodiments of this application.

[0159] S905. The source code modification module modifies the source code of the application template package according to the preset method.

[0160] In some embodiments, after obtaining the application template package, the source code modification module can modify the source code in the application template package using a preset method so that it can subsequently obtain the application package for compilation.

[0161] For example, based on such Figure 6 The basic package structure of the HarmonyOS application shown above, the source code modification module uses the predefined rules A and B in the template matching method mentioned above, to match... Figure 7Modify the source code in the application project structure of the application template package shown.

[0162] For example, based on rule A, the source code modification module embeds the application template package as a Feature Module into a pre-prepared application source code package. This application source code package includes the complete basic package structure and necessary configurations of the HarmonyOS application. The source code modification module can embed the application template package as an extended feature into the application source code package, and subsequently package it together with the application source code package.

[0163] For example, based on rule B, in the Feature Module of the application template package, the `feature>src>main>resources` directory is used to store the resource files required by the Module; `feature>src>main>ets` is used to store the Module's ArkTS source code files. As described above... Figure 8 Due to image copyright issues, the resource file only includes a portion of the images, excluding the rest. For example, the resource file might include an image address pointing to the storage location of the other portion of images, allowing the application to retrieve those images later. The source code modification module can then replace the image addresses reserved in the application template package with preset addresses. Optionally, the preset address could be, for example, the address of an image pre-set in the sandbox environment where the application runs during dynamic detection. This way, after address replacement, the application can access the required image resources later.

[0164] S906. The source code modification module sends the modified source code to the compilation and signing module.

[0165] In some embodiments, after modifying the source code, the source code modification module can send the modified source code to the compilation and signing module. Correspondingly, the compilation and signing module receives the modified source code sent by the source code modification module.

[0166] S907, the compilation and signing module generates the application package based on the modified source code.

[0167] In some embodiments, after receiving the modified source code, the compilation and signing module can compile, package, and sign the modified source code to generate the corresponding application package.

[0168] Since the source code cannot be run directly and needs to be compiled and packaged before it can be executed, the compilation and signing module needs to compile and package the modified source code after obtaining it.

[0169] The compilation and signing module, for example, uses a hash algorithm to sign the compiled and packaged application package, enabling subsequent identification of the application package's integrity and identity based on the signature. Optionally, signing the modified source code is an optional step.

[0170] S908, the compilation and signing module sends the application package to the dynamic detection module.

[0171] In some embodiments, after generating the application package, the compilation and signing module can send the application package to the dynamic detection module. Correspondingly, the dynamic detection module receives the application package sent by the compilation and signing module to trigger the dynamic detection process of the application package.

[0172] S909 The dynamic detection module performs dynamic detection on the application package and generates a detection report for the application package.

[0173] In some embodiments, after receiving the application package, the dynamic detection module can run the application corresponding to the application package on a cloud phone or real device with a sandbox system installed. Combining the principles of vulnerability and risk triggering, it can use dynamic debugging tools or automated attack scripts to dynamically simulate attacks on the application and detect the application's operation to verify the risks and vulnerabilities existing in the application.

[0174] Optionally, to avoid issues with the inability to detect the performance of application template packages on different devices, the dynamic detection module can pre-configure various types of sandbox environments. After installing the application package in a sandbox environment, the dynamic detection module can perform dynamic detection of the application corresponding to the package in different runtime environments. Optionally, the server 100 can generate different dynamic detection reports for different types of sandbox environments; or, generate a single dynamic detection report.

[0175] For example, the dynamic detection module installs the application package in a pre-prepared sandbox environment. Then, during dynamic detection, the module interacts with the application in various ways, such as launching different pages within the application, simulating interface clicks, and simulating system broadcast notifications. In this process, it collects data generated by the application during runtime to analyze whether the application has security vulnerabilities, malicious behavior, privacy risks, or other security issues. The data generated by the application during runtime includes, for example, network requests, file accesses, sensor data, and system logs.

[0176] Optionally, dynamic detection of the application package may include one or more of the following: runtime behavior analysis, network communication analysis, sensitive data leakage analysis, malicious behavior detection, and security configuration assessment.

[0177] Runtime behavior analysis is used to record the actual running behavior of applications on the device, such as network communication and file operations.

[0178] Network communication analysis is used to detect network communication between an application and its corresponding application server, including detecting request and response data.

[0179] Sensitive data breach analysis is used to detect whether sensitive information is transmitted or stored in plaintext during application operation.

[0180] Malicious behavior detection is used to detect whether an application exhibits malicious behavior during operation, such as stealing user information or sending text messages.

[0181] Security configuration assessment is used to evaluate the security configuration of an application during operation, such as whether data encryption is enabled and whether debug flags are present.

[0182] Optionally, the dynamic detection report may include at least one of the following: runtime behavior analysis results, network communication analysis results, second sensitive data leakage analysis results, malicious behavior detection results, or second security configuration assessment results.

[0183] It should be understood that the embodiments of this application do not impose specific limitations on the content included in the dynamic detection report. The dynamic detection process of the application package can also refer to the dynamic detection process of the application package in the prior art.

[0184] Optionally, the dynamic detection report includes a second problem that exists in the application package during dynamic operation, including at least one of the following: a problem indicated by runtime behavior analysis results, a problem indicated by network communication analysis results, a problem indicated by the second sensitive data leakage analysis results, a problem indicated by malicious behavior detection results, or a problem indicated by the second security configuration assessment results.

[0185] For example, based on Figure 7 The application template package's application project structure and the modifications made to its source code, as shown above, allow the dynamic detection module to generate a detection report for the application package, as illustrated in Table 2. This report indicates that the application template package exhibits abnormal behavior during runtime assessment, such as: Problem 1: Upon opening the application, it reads all contact information; Problem 2: During application runtime, it accesses local images within the sandbox. The report also indicates that no anomalies were detected during network communication analysis, sensitive data leakage detection, malicious code detection, and security configuration assessment. It can be seen that the second problem indicated by this dynamic detection report during dynamic operation of the application package includes the abnormal behavior issues indicated by the runtime behavior analysis results.

[0186] Table 2

[0187]

[0188] S910, the dynamic detection module sends the application package detection report to the source code modification module.

[0189] In some embodiments, after obtaining the application package's detection report, the dynamic detection module can send the application package's detection report to the source code modification module. Correspondingly, the source code detection module can receive the application package's detection report sent by the dynamic detection module to trigger the application package's detection report correction process.

[0190] S911 The source code modification module removes issues introduced by source code modifications from the application package's detection report and generates a dynamic detection report for the application template package.

[0191] In some embodiments, the application package's detection report is obtained based on the application's runtime analysis. The code in the application package includes code corresponding to the application template package and code added by the source code modification module. Therefore, the problems indicated in the application package's detection report may include issues corresponding to the application template package and / or problems introduced due to source code modifications. Upon receiving the application package's detection report, the source code modification module can, based on previous modifications to the source code, remove the problems introduced by the source code modifications from the application package's detection report to generate a dynamic detection report for the application template package.

[0192] For example, the source code modification module obtains the application package's detection report as shown in Table 2 above. The AppScope directory and Entry Module in the application package are contents implanted by the source code modification module in step S905 above, and are not contents originally carried by the application template package. Therefore, the source code modification module can remove the report content introduced by these corresponding codes from the application package's detection report. As shown in Table 2 above, the application package's detection report does not include the report content introduced by these corresponding codes, therefore the source code modification module does not need to remove the relevant report content.

[0193] Furthermore, in step S905 above, the source code modification module also modifies the application template package, replacing the reserved image addresses in the application template package with preset addresses. Therefore, the issues corresponding to the preset addresses are caused by the source code modification module, not by the original content of the application template package. As shown in Table 2 above, the runtime behavior evaluation in the application's detection report includes issues corresponding to the preset addresses, such as "When the application runs, it accesses local images in the sandbox" (as in issue 2 above). Therefore, the source code modification module can remove this part of the content.

[0194] Based on this, the source code modification module can obtain the dynamic detection report of the application template package as shown in Table 3 below.

[0195] Table 3

[0196]

[0197] S912, The source code modification module sends a dynamic detection report to the distribution module.

[0198] In some embodiments, after obtaining the dynamic detection report of the application template package, the source code modification module may send the dynamic detection report to the distribution module. Correspondingly, the distribution module receives the dynamic detection report sent by the source code modification module.

[0199] The static and dynamic detection processes of the application template package have been introduced above. The following section will provide a detailed introduction to the process of generating the target detection report of the application template package.

[0200] Based on the static and dynamic detection reports, S505 and server 100 generate target detection reports for the application template package.

[0201] In some embodiments, after obtaining the static detection report and the dynamic detection report, the server 100 can generate a target detection report for the application template package based on the static detection report and the dynamic detection report.

[0202] Optionally, such as Figure 9 As shown in step S913, server 100 can generate target detection report of application template package based on static detection report and dynamic detection report through distribution module.

[0203] In some examples, the static and dynamic detection reports contain the same detection items. In such cases, server 100 can merge these identical detection items from both reports to generate the target detection report for the application template package. For instance, server 100 can merge the detection results of identical detection items from two reports to generate the target detection report, ensuring complete results without redundancy. It should be understood that the target detection report also includes the detection items and corresponding results that differ between the static and dynamic reports.

[0204] Optionally, for the same testing item, the static testing report and the dynamic testing report may include the same or different testing results. Therefore, after merging the testing items, if the testing item presents different testing results in the static testing report and the dynamic testing report, the server 100 can integrate the testing results, and the target testing report can include the testing results of the merged testing item presented in both the static and dynamic testing reports.

[0205] For example, for a permission analysis and detection project, the static detection report includes issue A, and the dynamic detection report includes both issue A and issue B. Therefore, the server100 integrated target detection report will include the permission analysis and detection project, and the corresponding detection results will include both issue A and issue B. Again, for a permission analysis and detection project, the static detection report includes issue A, and the dynamic detection report includes issue A. Therefore, the server100 integrated target detection report will include the permission analysis and detection project, and the corresponding detection results will include issue A. Yet another example: for a permission analysis and detection project, no issue was detected in the static detection report, but issue A was included in the dynamic detection report. Therefore, the server100 integrated target detection report will include the permission analysis and detection project, and the corresponding detection results will include issue A.

[0206] For example, as described in step S903 above, the distribution module can obtain the static detection report shown in Table 1. As described in step S903 above, the distribution module can also obtain the dynamic detection report shown in Table 3. Therefore, the distribution module can integrate the static and dynamic detection reports. For example, detection items such as sensitive data leakage analysis and security configuration assessment may exist in both the static and dynamic detection reports. Therefore, the distribution module can merge these detection items to obtain the target detection report of the application template package shown in Table 4 below.

[0207] Optionally, as shown in Table 4 below, the target detection report for the application template package may also include a scan log to facilitate understanding of the entire detection process. For example, the scan log records all steps of static and dynamic detection, along with their corresponding execution times, in chronological order. This includes steps such as scanning permission declaration files, modifying the upload package code, packaging the application, and installing the application into the sandbox environment.

[0208] As can be seen, by combining the dynamic detection process, Server 100 discovered a problem in the application template package that was not detected during the static detection process: the application template package had a runtime behavior of unnecessarily reading all contact information. This made up for the loopholes in the static detection and improved the reliability of the output detection report.

[0209] Table 4

[0210]

[0211] Thus, Server 100 can perform not only static analysis of application template packages but also dynamic analysis. By combining the results of static and dynamic analysis, it can discover hidden malicious behaviors, runtime vulnerabilities, and other security issues. Furthermore, it can counter anti-debugging and anti-analysis techniques, avoiding the low accuracy issues caused by existing technologies that can bypass pattern matching and other static analysis methods. Through more comprehensive and in-depth security and privacy analysis of application template packages, the security and privacy compliance of application template packages and applications using them are ultimately improved.

[0212] In other examples, the static and dynamic detection reports may not contain the same detection items. In such cases, server 100 can directly merge the static and dynamic detection reports to generate the target detection report for the application template package.

[0213] In some embodiments, the static and / or dynamic detection reports may also contain detections for non-critical issues. After obtaining the static and dynamic detection reports, the server 100 can integrate the detection results of the critical detection items from both reports to generate a target detection report. The server 100 pre-configures critical and non-critical detection items to facilitate subsequent differentiation of which items need to be integrated. Optionally, the server 100 can also output another detection report to present the detection results of non-critical detection items, helping developers gain a more comprehensive understanding of the application template package's detection status. In some embodiments, as described in step S504 above, the server 100 runs the application package corresponding to the application template package in different types of sandbox environments and generates multiple dynamic detection reports. Therefore, in step S505, the server 100 can also generate target detection reports corresponding to different types of sandbox environments based on the static detection reports and different dynamic detection reports. Alternatively, the server 100 can generate a target detection report based on the static detection reports and all dynamic detection reports.

[0214] The above combination Figures 4-9 This application provides a detailed description of the application template package detection method. The following is in conjunction with... Figure 10 The server provided in the embodiments of this application is described in detail.

[0215] In one possible design, Figure 10 This is a schematic diagram of the server structure provided in an embodiment of this application. Figure 10 As shown, server 1000 may include a transceiver unit 1001 and a processing unit 1002. Server 1000 can be used to implement the functions of server 100 involved in the above method embodiments.

[0216] Optionally, the transceiver unit 1001 is used to support the server 1000 in performing operations. Figure 5 S501 in the middle.

[0217] Optionally, the processing unit 1002 is used to support the execution of the server 1000. Figure 5 S502-S505; and / or, used to support server 1000 execution Figure 9 S901-S913 in the series.

[0218] The transceiver unit may include a receiving unit and a sending unit, and may be implemented by a transceiver or transceiver-related circuit components, and may be a transceiver or transceiver module. The operation and / or function of each unit in server 1000 are respectively to implement the corresponding process of the application template packet detection method described in the above method embodiments. All relevant content of each step involved in the above method embodiments can be referred to the functional description of the corresponding functional unit, and will not be repeated here for the sake of brevity.

[0219] Optionally, Figure 10 The server 1000 shown may also include a storage unit ( Figure 10 (not shown in the image), this storage unit stores a program or instruction. When the transceiver unit 1001 and the processing unit 1002 execute the program or instruction, it causes... Figure 10 The server 1000 shown can execute the application template package detection method described in the above method embodiments.

[0220] Figure 10 The technical effect of the server 1000 shown can be referred to the technical effect of the application template package detection method described in the above method embodiment, and will not be repeated here.

[0221] Besides being in the form of server 1000, the technical solution provided in this application can also be a functional unit or chip in a server, or a device used in conjunction with a server.

[0222] This application also provides a chip system, including: a processor coupled to a memory, the memory being used to store programs or instructions, which, when executed by the processor, cause the chip system to implement the methods in any of the above method embodiments.

[0223] Optionally, the chip system may contain one or more processors. These processors can be implemented in hardware or software. When implemented in hardware, the processor can be a logic circuit, an integrated circuit, etc. When implemented in software, the processor can be a general-purpose processor, implemented by reading software code stored in memory.

[0224] Optionally, the chip system may contain one or more memories. The memory may be integrated with the processor or disposed separately from it; this application embodiment does not limit this. For example, the memory may be a non-transient processor, such as a read-only memory (ROM), which may be integrated with the processor on the same chip or disposed separately on different chips. This application embodiment does not specifically limit the type of memory or the arrangement of the memory and processor.

[0225] For example, the chip system may be a field programmable gate array (FPGA), an application specific integrated circuit (ASIC), a system on chip (SoC), a central processor unit (CPU), a network processor (NP), a digital signal processor (DSP), a micro controller unit (MCU), a programmable logic device (PLD), or other integrated chips.

[0226] It should be understood that each step in the above method embodiments can be completed by integrated logic circuits in the processor hardware or by instructions in software form. The method steps disclosed in the embodiments of this application can be directly manifested as being executed by a hardware processor, or being executed by a combination of hardware and software modules in the processor.

[0227] This application also provides a computer-readable storage medium storing a computer program. When the computer program is run on a computer, it causes the computer to perform the aforementioned related steps to implement the application template package detection method described above.

[0228] This application also provides a computer program product that, when run on a computer, causes the computer to perform the aforementioned related steps to implement the application template package detection method described above.

[0229] In addition, this application also provides an apparatus. Specifically, the apparatus may be a component or module, and may include one or more processors and a memory connected together. The memory stores a computer program. When the computer program is executed by one or more processors, the apparatus performs the application template package detection method described in the above method embodiments.

[0230] The apparatus, computer-readable storage medium, computer program product, or chip provided in the embodiments of this application are all used to execute the corresponding methods provided above. Therefore, the beneficial effects they can achieve can be referred to the beneficial effects of the corresponding methods provided above, and will not be repeated here.

[0231] The steps of the methods or algorithms described in conjunction with the embodiments of this application can be implemented in hardware or by a processor executing software instructions. The software instructions can consist of corresponding software modules, which can be stored in random access memory (RAM), flash memory, read-only memory (ROM), erasable programmable read-only memory (EPROM), electrically erasable programmable read-only memory (EEPROM), registers, hard disks, portable hard disks, CD-ROMs, or any other form of storage medium well known in the art. An exemplary storage medium is coupled to a processor, enabling the processor to read information from and write information to the storage medium. Of course, the storage medium can also be a component of the processor. The processor and the storage medium can reside in an application-specific integrated circuit (ASIC).

[0232] Through the above description of the embodiments, those skilled in the art will clearly understand that, for the sake of convenience and brevity, the division of the above functional modules is only used as an example. In practical applications, the above functions can be assigned to different functional modules as needed; that is, the internal structure of the device can be divided into different functional modules to complete all or part of the functions described above. The specific working process of the system, device, and unit described above can be referred to the corresponding process in the foregoing method embodiments, and will not be repeated here.

[0233] In the several embodiments provided in this application, it should be understood that the disclosed methods can be implemented in other ways. The device embodiments described above are merely illustrative. For example, the division of modules or units is only a logical functional division, and there may be other division methods in actual implementation; for example, multiple units or components may be combined or integrated into another system, or some features may be ignored or not executed. In addition, the mutual coupling or direct coupling or communication connection shown or discussed may be through some interfaces, and the indirect coupling or communication connection of modules or units may be electrical, mechanical or other forms.

[0234] Furthermore, the functional units in the various embodiments of this application can be integrated into one processing unit, or each unit can exist physically separately, or two or more units can be integrated into one unit. The integrated unit can be implemented in hardware or as a software functional unit.

[0235] Computer-readable storage media include, but are not limited to, any of the following: USB flash drive, portable hard drive, read-only memory (ROM), random access memory (RAM), magnetic disk or optical disk, and other media capable of storing program code.

[0236] The above description is merely a specific embodiment of this application, but the scope of protection of this application is not limited thereto. Any changes or substitutions within the technical scope disclosed in this application should be included within the scope of protection of this application. Therefore, the scope of protection of this application should be determined by the scope of the claims.

Claims

1. A method for detecting application template packages, characterized in that, The method is applied to a server, and the method includes: Receive application template packages sent by electronic devices; Obtain the static detection report of the application template package, the static detection report including the first problem found in the application template package during the static detection process; Generate an application package based on the application template package; Run the application package to generate a dynamic detection report of the application template package, the dynamic detection report including a second problem that exists in the application package during dynamic operation; Based on the static detection report and the dynamic detection report, a target detection report for the application template package is generated.

2. The method according to claim 1, characterized in that, The step of generating an application package based on the application template package includes: The application package is generated by modifying the source code in the application template package using a preset method; wherein the preset method includes using pattern matching to detect the compilability of the application template package and modify the source code, or using manual methods to detect and modify the source code.

3. The method according to claim 2, characterized in that, The pattern matching method includes predefined rules, which include that the structure of the application template package conforms to the corresponding application package body structure requirements, and / or that the resource files referenced by the source code files in the application template package exist in the application template package.

4. The method according to claim 2 or 3, characterized in that, The step of generating an application package based on the application template package further includes: The modified source code is compiled and packaged to generate the application package.

5. The method according to any one of claims 2-4, characterized in that, The application package also includes a signature.

6. The method according to any one of claims 1-5, characterized in that, The process of running the application package and generating a dynamic detection report for the application template package includes: Run the application package and generate a test report for the application package; Based on the code changes of the application package relative to the application template package, the problems introduced by the code changes in the application package's detection report are removed, and the dynamic detection report is generated.

7. The method according to any one of claims 1-6, characterized in that, The process of running the application package and generating a dynamic detection report for the application template package includes: The application package is run in different types of sandbox environments to generate dynamic detection reports for the application template package.

8. The method according to any one of claims 1-7, characterized in that, The static detection report includes at least one of the following: permission analysis results, first sensitive data leakage analysis results, vulnerability analysis results, malicious code detection results, or first security configuration assessment results; The dynamic detection report includes at least one of the following: runtime behavior analysis results, network communication analysis results, second sensitive data leakage analysis results, malicious behavior detection results, or second security configuration assessment results.

9. The method according to claim 8, characterized in that, The first problem includes at least one of the following: a problem indicated by the permission analysis result, a problem indicated by the first sensitive data leakage analysis result, a problem indicated by the vulnerability analysis result, a problem indicated by the malicious code detection result, or a problem indicated by the first security configuration assessment result; The second problem includes at least one of the following: a problem indicated by the runtime behavior analysis results, a problem indicated by the network communication analysis results, a problem indicated by the second sensitive data leakage analysis results, a problem indicated by the malicious behavior detection results, or a problem indicated by the second security configuration assessment results.

10. The method according to any one of claims 1-9, characterized in that, The step of obtaining the static detection report of the application template package includes: The application template package is matched using a predefined pattern to obtain a static detection report of the application template package.

11. The method according to any one of claims 1-10, characterized in that, The step of generating a target detection report for the application template package based on the static detection report and the dynamic detection report includes: Merge identical detection items from the static detection report and the dynamic detection report to generate the target detection report for the application template package.

12. The method according to any one of claims 1-11, characterized in that, The target detection report also includes the scan log of the application template package. The scan log records all steps of static detection and dynamic detection and their corresponding execution times in chronological order. The static detection is used to generate the static detection report, and the dynamic detection is used to generate the dynamic detection report.

13. A server, characterized in that, include: A processor and a memory coupled to the processor, the memory being used to store computer program code, the computer program code including computer instructions, which, when the processor reads the computer instructions from the memory, cause the server to perform the method as described in any one of claims 1-12.

14. A computer-readable storage medium, characterized in that, The computer-readable storage medium includes a computer program that, when run on an electronic device, causes the electronic device to perform the method as described in any one of claims 1-12.

15. A computer program product, characterized in that, When the computer program product is run on a computer, it causes the computer to perform the method as described in any one of claims 1-12.