METHOD AND SYSTEM FOR MONITORING APPLICATION PROGRAM OF MOBILE DEVICE
First Claim
1. A method for monitoring an application in a mobile device, comprising the following steps of:
- a) creating a simulated system service;
b) establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device;
c) intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device;
d) replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service and transmitting the data to the simulated system service; and
e) recording a request received by the simulated system service and forwarding the request to an analysis module for analysis.
1 Assignment
0 Petitions
Accused Products
Abstract
The present disclosure provides a method and system for monitoring an application. The method comprises creating a simulated system service; establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device; intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device; replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service; and recording a request received by the simulated system service and forwarding the request to an analysis module for analysis. The present disclosure is advantageous in that the system request is intercepted during the Binder communication process of the system and the simulated system layer service is used for analyzing the behavior features of the application in the Android operating system. In contrast to other application blocking techniques, the method and system according to the present disclosure do not disturb the normal operation of the application.
24 Citations
10 Claims
-
1. A method for monitoring an application in a mobile device, comprising the following steps of:
-
a) creating a simulated system service; b) establishing a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device; c) intercepting data transmitted from the application to the function in the device driver that manages the I/O channel of the device; d) replacing, based on the intercepted data, a system service requested by the application with a corresponding simulated system service and transmitting the data to the simulated system service; and e) recording a request received by the simulated system service and forwarding the request to an analysis module for analysis. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A system for monitoring an application in a mobile device, comprising a client installed in the mobile device, the client comprising a simulated system service module, a function hook module, a proxy service module, an analysis module and a user rule database, wherein:
-
the simulated system service module corresponds to a system service module in an operating system of the mobile device; the function hook module, communicative with a kernel of the operating system of the mobile device, establishes a connection with a function in a device driver that manages an Input/Output (I/O) channel of the device, intercepts data transmitted from the application to the function in the device driver that manages the I/O channel of the device, and forwards, based on the intercepted data, a system service requested by the application to the corresponding simulated system service module; the proxy service module, communicative with the simulated system service module, communicates between a service at a system layer and a service at an application layer and converts the request recorded by the simulated system service at the system layer into a request visible at the application layer; and the analysis module, communicative with the proxy service module and the user rule database, reads an operation requested by the application, and authorizes or prohibits the operation requested by the application based on a rule stored in the user rule database or based on a selection by a user in response to a prompt. - View Dependent Claims (10)
-
Specification