CN112261660B - Android mobile phone end application proxy access security control method - Google Patents


Info

Publication number
CN112261660B
Authority
CN
China
Prior art keywords
application
sdk
mobile phone
proxy
integrated
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202011111191.0A
Other languages
Chinese (zh)
Other versions
CN112261660A (en)
Inventor
***
周文佳
王宇光
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Appiron Technology Co ltd
Original Assignee
Shenzhen Appiron Technology Co ltd

Landscapes

  • Mobile Radio Communication Systems (AREA)
  • Telephone Function (AREA)

Abstract

The invention discloses a security control method for application proxy access on Android phones. When an application starts, an SDK integrated in the application intercepts the system's low-level network data I/O read/write methods according to an interception scheme and obtains the ports from which all traffic is sent. When the proxy service interface receives information sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all of that application's data ports. When the proxy service forwards data, it compares the sending port with the application data ports intercepted by the integrated SDK, releases (lets through) the connections on the corresponding ports of the integrated SDK and interrupts all other connections. The invention solves the problems that the system cannot determine which application is accessing the proxy service and cannot control access by applications on the phone to the started proxy service.

Description

Android mobile phone end application proxy access security control method
Technical Field
The invention relates to the technical field of mobile communication, in particular to an android mobile phone end application proxy access security control method.
Background
Smart mobile devices based on the Android system, typified by Android phones, are among the main internet access devices today. Android devices access the internet mainly through wireless local area networks and mobile cellular data networks (GPRS, CDMA, 3G, 4G, etc.). Because wireless network access providers charge by communication traffic, using a mobile cellular data network can incur high communication charges, so most Android device users need to manage the device's network communication. The Android system lets the user connect and disconnect the mobile data network, but this all-on/all-off basic management cannot meet most people's need to use the network selectively.
To solve the above problems, Chinese patent No. 201410265628.4, concerning the Android system under non-super-user permission, discloses a method, a device and a system for filtering data packets. The filtering method comprises the following steps: reading a data packet intercepted by a virtual kernel device TUN started in advance according to a default routing strategy; determining the application (APP) to which the data packet belongs according to the IP five-tuple of the data packet; determining the filtering rule for the data packet according to a preset filtering rule table and the application to which the data packet belongs; and filtering the data packet according to the filtering rule. Data packets can thus be filtered by a default rule or according to the user's requirements as expressed in the filtering rule table, which realizes selective network communication.
A common Android client proxy forwarding scheme works as follows: an application accesses a proxy service, and even if the proxy service is dedicated to one application, other applications can still access the proxy service to have their data forwarded. Thus, the system cannot determine which application accessed the proxy service and cannot control access by applications on the phone to the started proxy service.
Disclosure of Invention
Aiming at the defects of the prior art, the invention discloses an android mobile phone end application proxy access security control method, which can solve the problems that a system cannot judge which application accesses proxy service and cannot control the application on a mobile phone to access the started proxy service.
In order to achieve the above purpose, the invention is realized by the following technical scheme:
The Android phone application proxy access security control method comprises the following steps:
S1: when an application starts, the SDK integrated in the application intercepts the system's low-level network data I/O read/write methods according to an interception scheme and obtains the ports from which all traffic is sent;
S2: when the proxy service interface receives information sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all data ports of that application;
S3: when the proxy service forwards data, the sending port is compared with the application data ports intercepted by the integrated SDK; the connections on the corresponding ports of the integrated SDK are released (let through) and all other connections are interrupted.
In a preferred technical scheme, in step S1 the interception scheme comprises: S11, intercepting the sending port according to the accessed IP or domain name; S12, intercepting application access according to the application configuration; and S13, registering the application using application-related information obtained by the integrated SDK, so that applications can be distinguished.
In a preferred technical scheme, in step S1 all traffic sent from the application is transmitted over TCP.
In a preferred technical scheme, in step S2 all traffic received by the proxy service is received over TCP.
In a preferred technical scheme, in step S2 the SDK integrated in the application notifies the SDK integrated in the proxy service, and the proxy server controls the application's data according to the feedback from the SDK integrated in the proxy service.
In a preferred technical scheme, in step S1 an Android phone application module is provided, and a first SDK module is integrated in the Android phone application module.
In a preferred technical scheme, in step S1 a proxy service module is provided, a second SDK module is integrated in the proxy service module, and the second SDK module is communicatively connected with a plurality of the first SDK modules.
The Android phone application proxy access security control method disclosed by the invention has the following advantages:
When multiple applications on the same Android device access the same proxy service port, the access control method performs source-port authentication on the applications that are permitted to access, so that only authorized applications can complete access; this is the security control.
The technology can be integrated in several ways, including black-box packaging and an SDK, and supports the mainstream access modes. Because it is implemented by interception, it is relatively friendly to application integration and the application does not need to be changed. The content of the transmission protocol is not changed, so compatibility is high. Compared with the traditional proxy scheme, security during forwarding is increased: it is no longer the case that all traffic can access the service through the forwarding service, which avoids malicious access.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions in the embodiments of the present invention will be clearly and completely described below, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments.
All other embodiments, which can be made by those skilled in the art based on the embodiments of the invention without making any inventive effort, are intended to be within the scope of the invention.
The Android phone application proxy access security control method provided by the embodiment of the invention comprises the following steps:
S1: when an application starts, the SDK integrated in the application intercepts the system's low-level network data I/O read/write methods according to an interception scheme and obtains the ports from which all traffic is sent;
S2: when the proxy service interface receives information sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all data ports of that application;
S3: when the proxy service forwards data, the sending port is compared with the application data ports intercepted by the integrated SDK; the connections on the corresponding ports of the integrated SDK are released (let through) and all other connections are interrupted.
The interception scheme in step S1 comprises: S11, intercepting the sending port according to the accessed IP or domain name; S12, intercepting application access according to the application configuration; and S13, registering the application using application-related information obtained by the integrated SDK, so that applications can be distinguished.
So that the application can send all of its traffic, all traffic sent from the application in step S1 is transmitted over TCP. So that the proxy service can receive all of the traffic, all traffic received by the proxy service in step S2 is received over TCP.
In step S2, the SDK integrated in the application notifies the SDK integrated in the proxy service, and the proxy server controls the application's data according to the feedback from the SDK integrated in the proxy service.
Specifically, to carry out the above solution, in step S1 an Android phone application module may be provided, with a first SDK module integrated in it. In step S1 a proxy service module is also provided, with a second SDK module integrated in it, and the second SDK module is communicatively connected to the plurality of first SDK modules.
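The S1 to S3 flow described above, run over loopback TCP as an added example; it is not code from the patent or its assignee. The explicit bind-then-report in sdk_connect stands in for the SDK's interception of the system I/O methods, and the names PortRegistry, sdk_connect, Proxy, the app id com.example.allowed, the one-shot port claim and the echoed "forwarded:" reply are assumptions of this example.

```python
import socket
import threading

class PortRegistry:
    """Proxy-side SDK state (S2): source ports reported by in-app SDKs."""
    def __init__(self):
        self._lock = threading.Lock()
        self._ports = {}                      # source port -> app id

    def register(self, app_id, port):
        with self._lock:
            self._ports[port] = app_id

    def claim(self, port):
        # One-shot lookup (a choice made for this example): the entry is
        # dropped so a later socket that reuses the port is not trusted.
        with self._lock:
            return self._ports.pop(port, None)

def sdk_connect(app_id, registry, proxy_addr):
    """In-app SDK (S1): learn the source port and report it before sending."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.bind(("127.0.0.1", 0))               # kernel assigns the source port
    registry.register(app_id, sock.getsockname()[1])
    sock.connect(proxy_addr)                  # registered before the proxy sees it
    return sock

class Proxy:
    def __init__(self, registry):
        self.registry = registry
        self.decisions = []                   # app id, or None when refused
        self.srv = socket.create_server(("127.0.0.1", 0))
        self.srv.settimeout(5)
        self.addr = self.srv.getsockname()

    def serve(self, count):
        for _ in range(count):
            conn, (_ip, peer_port) = self.srv.accept()
            app_id = self.registry.claim(peer_port)   # S3: compare ports
            self.decisions.append(app_id)
            with conn:
                if app_id is not None:                # release the connection
                    conn.sendall(b"forwarded:" + conn.recv(1024))
                # unknown port: leaving the block interrupts the connection
        self.srv.close()

def read_all(sock):
    """Read until the peer closes; a reset counts as an empty reply."""
    data = b""
    try:
        while chunk := sock.recv(1024):
            data += chunk
    except OSError:
        pass
    return data

def run_demo():
    registry = PortRegistry()
    proxy = Proxy(registry)
    worker = threading.Thread(target=proxy.serve, args=(2,), daemon=True)
    worker.start()

    allowed = sdk_connect("com.example.allowed", registry, proxy.addr)
    allowed.sendall(b"hello")
    allowed_reply = read_all(allowed)
    allowed.close()

    other = socket.create_connection(proxy.addr)  # no SDK: port never reported
    try:
        other.sendall(b"hello")
    except OSError:
        pass
    other_reply = read_all(other)
    other.close()

    worker.join()
    return allowed_reply, other_reply, proxy.decisions

if __name__ == "__main__":
    print(run_demo())
```

The decision rests entirely on the port report arriving before the connection does, which is why sdk_connect registers the port between bind and connect.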
It will be apparent to those skilled in the art that the modules or steps of the invention described above may be implemented in a general purpose computing device, they may be concentrated on a single computing device, or distributed across a network of computing devices, or they may alternatively be implemented in program code executable by computing devices, such that they may be stored in a memory device for execution by the computing devices, or they may be separately fabricated into individual integrated circuit modules, or multiple modules or steps within them may be fabricated into a single integrated circuit module. Thus, the present invention is not limited to any specific combination of hardware and software.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions.
Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
The above embodiments are only for illustrating the technical solution of the present invention, and are not limiting; although the invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical scheme described in the foregoing embodiments can be modified or some technical features thereof can be replaced by equivalents; such modifications and substitutions do not depart from the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (7)

1. An Android phone application proxy access security control method, characterized by comprising the following steps:
S1: when an application starts, the SDK integrated in the application intercepts the system's low-level network data I/O read/write methods according to an interception scheme and obtains the ports from which all traffic is sent;
S2: when the proxy service interface receives information sent by an application, the SDK integrated in the proxy service identifies the sending application and stores all data ports of that application;
S3: when the proxy service forwards data, the sending port is compared with the application data ports intercepted by the integrated SDK; the connections on the corresponding ports of the integrated SDK are released (let through) and all other connections are interrupted;
when multiple applications on the same Android device access the same proxy service port, the access control method performs source-port authentication on the applications that are permitted to access, so that only authorized applications can complete access, thereby achieving the security control.
2. The Android phone application proxy access security control method according to claim 1, characterized in that: in step S1, the interception scheme comprises S11, intercepting the sending port according to the accessed IP or domain name; S12, intercepting application access according to the application configuration; and S13, registering the application using application-related information obtained by the integrated SDK, so that applications can be distinguished.
3. The Android phone application proxy access security control method according to claim 1, characterized in that: all traffic sent from the application in step S1 is transmitted over TCP.
4. The Android phone application proxy access security control method according to claim 1, characterized in that: the proxy service receives data over TCP in step S2.
5. The Android phone application proxy access security control method according to claim 1, characterized in that: in step S2, the SDK integrated in the application notifies the SDK integrated in the proxy service, and the proxy server controls the application's data according to the feedback from the SDK integrated in the proxy service.
6. The Android phone application proxy access security control method according to claim 1, characterized in that: in step S1, an Android phone application module is provided, and a first SDK module is integrated in the Android phone application module.
7. The Android phone application proxy access security control method according to claim 6, characterized in that: in step S1, a proxy service module is provided, a second SDK module is integrated in the proxy service module, and the second SDK module is communicatively connected to the plurality of first SDK modules.
CN202011111191.0A 2020-10-16 2020-10-16 Android mobile phone end application proxy access security control method Active CN112261660B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202011111191.0A CN112261660B (en) 2020-10-16 2020-10-16 Android mobile phone end application proxy access security control method

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202011111191.0A CN112261660B (en) 2020-10-16 2020-10-16 Android mobile phone end application proxy access security control method

Publications (2)

Publication Number Publication Date
CN112261660A CN112261660A (en) 2021-01-22
CN112261660B true CN112261660B (en) 2024-06-04

Family

ID=74244690

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202011111191.0A Active CN112261660B (en) 2020-10-16 2020-10-16 Android mobile phone end application proxy access security control method

Country Status (1)

Country Link
CN (1) CN112261660B (en)

Citations (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1260545A (en) * 1999-12-29 2000-07-19 西安交通大学 Agency for address translation based on transparent network and firewall web gate
WO2001031874A2 (en) * 1999-10-28 2001-05-03 Jpmorgan Chase Bank Secured session sequencing proxy system supporting multiple applications and method therefor
WO2002085041A2 (en) * 2001-04-10 2002-10-24 T-Mobile Deutschland Gmbh Method for carrying out monitoring measures and information searches in telecommunication and data networks
CN104010000A (en) * 2014-06-13 2014-08-27 北京联宇益通科技发展有限公司 Data package filtering method, device and system for Android system under non-super user authority
CN105376107A (en) * 2014-08-29 2016-03-02 腾讯科技(深圳)有限公司 Terminal test method and proxy server
CN106936791A (en) * 2015-12-31 2017-07-07 阿里巴巴集团控股有限公司 Intercept the method and apparatus that malice network address is accessed
WO2019010734A1 (en) * 2017-07-12 2019-01-17 网宿科技股份有限公司 Method and system for guiding service application traffic
CN109450991A (en) * 2018-10-19 2019-03-08 网宿科技股份有限公司 Data transmission acceleration method, relevant device and acceleration system based on mobile application
CN110113325A (en) * 2019-04-25 2019-08-09 成都卫士通信息产业股份有限公司 Network Data Control method, apparatus and storage medium based on third party SDK
CN110324436A (en) * 2019-07-05 2019-10-11 网宿科技股份有限公司 A kind of Proxy Method and device of transport-layer proxy
CN111224832A (en) * 2018-11-26 2020-06-02 阿里巴巴集团控股有限公司 Method, control equipment, proxy server and system for capturing network data

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US9935955B2 (en) * 2016-03-28 2018-04-03 Zscaler, Inc. Systems and methods for cloud based unified service discovery and secure availability

Also Published As

Publication number Publication date
CN112261660A (en) 2021-01-22

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant