METHOD AND SYSTEM FOR MONITORING APPLICATION PROGRAM OF MOBILE DEVICE

US 20140242945A1
Filed: 11/09/2012
Published: 08/28/2014
Est. Priority Date: 11/15/2011
Status: Active Grant

First Claim

Patent Images

1. A method for monitoring an application in a mobile device, comprising the following steps of:

a) creating a simulated system service;

b) establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device;

c) intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device;

d) replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service and transmitting the data to the simulated system service; and

e) recording a request received by the simulated system service and forwarding the request to an analysis module for analysis.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure provides a method and system for monitoring an application. The method comprises creating a simulated system service; establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device; intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device; replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service; and recording a request received by the simulated system service and forwarding the request to an analysis module for analysis. The present disclosure is advantageous in that the system request is intercepted during the Binder communication process of the system and the simulated system layer service is used for analyzing the behavior features of the application in the Android operating system. In contrast to other application blocking techniques, the method and system according to the present disclosure do not disturb the normal operation of the application.

24 Citations

View as Search Results

10 Claims

1. A method for monitoring an application in a mobile device, comprising the following steps of:
- a) creating a simulated system service;
  
  b) establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device;
  
  c) intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device;
  
  d) replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service and transmitting the data to the simulated system service; and
  
  e) recording a request received by the simulated system service and forwarding the request to an analysis module for analysis.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the step e) comprises:
    - creating a proxy service between a service at a system layer and a service at an application layer;
      
      registering an application service in the proxy service; and
      
      converting the request recorded by the simulated system service at the system layer into a request visible at the application layer.
  - 3. The method of claim 1, wherein the step c) comprises:
    - reading the data from a data reception buffer in a system driving device for communication between system processes.
  - 4. The method of claim 3, wherein the system driving device for communication between system processes is a binder kernel driving device in an Android operating system.
  - 5. The method of claim 2, further comprising:
    - presenting, by the analysis module, the request visible at the application layer to a user and prompting the user to select to authorize or prohibit an operation associated with the request.
  - 6. The method of claim 5, further comprising:
    - converting, when the user selects to authorize the operation, the request visible at the application layer along with an authorization instruction into a request for the simulated system service at the system layer, so as to cause the corresponding system service to execute the operation associated with the request;
      
      orterminating the operation when the user selects to prohibit the operation.
  - 7. The method of claim 2, further comprising:
    - creating a user rule database and storing a name of the application, a type of the operation and a selection by the user in the user rule database.
  - 8. The method of claim 7, further comprising:
    - searching, by the analysis module after receiving the request visible at the application layer, the user rule database for a user rule associated with the application and automatically authorizing or prohibiting the operation associated with the request based on the user rule.

9. A system for monitoring an application in a mobile device, comprising a client installed in the mobile device, the client comprising a simulated system service module, a function hook module, a proxy service module, an analysis module and a user rule database, wherein:
- the simulated system service module corresponds to a system service module in an operating system of the mobile device;
  
  the function hook module, communicative with a kernel of the operating system of the mobile device, establishes a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device, intercepts data transmitted from the application to the function in the device driver that manages the I/O channel of the device, and forwards, based on the intercepted data, a system service requested by the application to the corresponding simulated system service module;
  
  the proxy service module, communicative with the simulated system service module, communicates between a service at a system layer and a service at an application layer and converts the request recorded by the simulated system service at the system layer into a request visible at the application layer; and
  
  the analysis module, communicative with the proxy service module and the user rule database, reads an operation requested by the application, and authorizes or prohibits the operation requested by the application based on a rule stored in the user rule database or based on a selection by a user in response to a prompt.
- View Dependent Claims (10)
- - 10. The system of claim 9, wherein, when the analysis module authorizes the operation requested by the application, the proxy service module converts the request visible at the application layer along with an authorization or prohibition instruction into a request for the simulated system service at the system layer, and the simulated system service invokes the corresponding system service to execute the operation associated with the request;
    - orwhen the analysis module prohibits the operation requested by the application, the operation is terminated and the request is not forwarded to the corresponding system service for processing, thereby blocking the request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Beijing Netqin Technology Company Limited
Original Assignee
Beijing Netqin Technology Company Limited
Inventors
Zeng, Yang, Yang, Wei, Chen, Yaowei, Lin, Yu, Zou, Shihong, Shi, Huaguo

Granted Patent

US 9,313,216 B2
Time in Patent Office

Days
Field of Search
US Class Current

455/410
CPC Class Codes

G06F 21/53   by executing in a restricte...

H04L 63/1408   by monitoring network traff...

H04L 63/168   above the transport layer

METHOD AND SYSTEM FOR MONITORING APPLICATION PROGRAM OF MOBILE DEVICE

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

24 Citations

10 Claims

Specification

Solutions

Use Cases

Quick Links

METHOD AND SYSTEM FOR MONITORING APPLICATION PROGRAM OF MOBILE DEVICE

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

24 Citations

10 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links