CN114462030A - Privacy policy processing and evidence obtaining method, device, equipment and storage medium - Google Patents

Privacy policy processing and evidence obtaining method, device, equipment and storage medium Download PDF

Info

Publication number
CN114462030A
CN114462030A CN202210133704.0A CN202210133704A CN114462030A CN 114462030 A CN114462030 A CN 114462030A CN 202210133704 A CN202210133704 A CN 202210133704A CN 114462030 A CN114462030 A CN 114462030A
Authority
CN
China
Prior art keywords
privacy policy
application software
processing
pop
privacy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210133704.0A
Other languages
Chinese (zh)
Inventor
侯柳平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Baidu Netcom Science and Technology Co Ltd
Original Assignee
Beijing Baidu Netcom Science and Technology Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Baidu Netcom Science and Technology Co Ltd filed Critical Beijing Baidu Netcom Science and Technology Co Ltd
Priority to CN202210133704.0A priority Critical patent/CN114462030A/en
Publication of CN114462030A publication Critical patent/CN114462030A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/55Detecting local intrusion or implementing counter-measures
    • G06F21/552Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/50Information retrieval; Database structures therefor; File system structures therefor of still image data
    • G06F16/58Retrieval characterised by using metadata, e.g. metadata not derived from the content or metadata generated manually
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/90Details of database functions independent of the retrieved data types
    • G06F16/95Retrieval from the web
    • G06F16/953Querying, e.g. by the use of web search engines
    • G06F16/9537Spatial or temporal dependent retrieval, e.g. spatiotemporal queries

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Data Mining & Analysis (AREA)
  • Computer Security & Cryptography (AREA)
  • Software Systems (AREA)
  • Library & Information Science (AREA)
  • Computer Hardware Design (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)

Abstract

本公开提供了一种隐私政策的处理、取证方法、装置、设备及存储介质,涉及互联网应用领域,尤其涉及应用软件、数据安全、信息流、自然语言处理领域。其中,隐私政策的处理方法包括:监测应用软件的隐私政策处理过程,响应于应用软件的隐私政策处理过程,确定隐私政策处理过程的发生时间和过程截图,获取应用软件通过隐私政策详情页面展示的隐私政策内容,将隐私政策处理过程的发生时间和过程截图以及隐私政策内容保存至存储服务器。隐私政策的取证方法,包括:基于接收到的取证查询请求,查询存储服务器,确定并输出目标应用软件在目标时间区间内的隐私政策处理信息。本公开的技术方案有效保证了用户在使用应用软件时的合法权益。

Figure 202210133704

The present disclosure provides a privacy policy processing and evidence collection method, device, device and storage medium, which relate to the field of Internet applications, and in particular, to the fields of application software, data security, information flow, and natural language processing. Among them, the processing method of the privacy policy includes: monitoring the privacy policy processing process of the application software, responding to the privacy policy processing process of the application software, determining the occurrence time and process screenshot of the privacy policy processing process, and obtaining the application software through the privacy policy details page. For the content of the privacy policy, save the occurrence time and process screenshots of the privacy policy processing process and the content of the privacy policy to the storage server. The forensic method for a privacy policy includes: querying a storage server based on the received forensic query request, and determining and outputting the privacy policy processing information of the target application software within the target time interval. The technical solution of the present disclosure effectively guarantees the legitimate rights and interests of users when using the application software.

Figure 202210133704

Description

Privacy policy processing and evidence obtaining method, device, equipment and storage medium
Technical Field
The present disclosure relates to the field of application software, data security, information flow, and natural language processing in internet applications, and in particular, to a method, an apparatus, a device, and a storage medium for processing and obtaining evidence of a privacy policy.
Background
With the development of the times, application software has penetrated the aspects of people's daily life, and more data are transmitted and recorded through the application software, and in the privacy protection of the application software, a privacy policy becomes an important part. Privacy policies are legal documents provided by companies and organizations that inform users how personal data is collected and used on related application software programs and other platforms.
In the related art, the content of the privacy policy of the application software is stored in the server, and when the application software determines that the user agrees to the privacy policy which is actively popped up when the application software is started for the first time, the content of the privacy policy can be accessed and obtained through a Uniform Resource Locator (URL) and displayed to the user on a human-computer interaction interface of the application software. Since the privacy policy content can be updated at the server by the application software developer at any time, the privacy policy content seen by the user when using the application software may not be consistent with the privacy policy content actually collected by the application software, and the user rights and interests may be impaired.
Disclosure of Invention
The disclosure provides a privacy policy processing method, a privacy policy evidence obtaining device and a privacy policy evidence obtaining device, and a storage medium.
According to a first aspect of the present disclosure, there is provided a privacy policy processing method, including:
monitoring a privacy policy processing process of application software;
responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process;
obtaining privacy policy content displayed by the application software through a privacy policy detail page;
and saving the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
According to a second aspect of the present disclosure, there is provided a method for forensics of a privacy policy, comprising:
receiving a forensics inquiry request, wherein the forensics inquiry request comprises: the identification and the target time interval of the target application software;
inquiring a storage server based on the evidence obtaining inquiry request, and determining privacy policy processing information of the target application software in the target time interval, wherein the privacy policy processing information of at least one application software is stored in the storage server;
and outputting privacy policy processing information of the target application software in the target time interval.
According to a third aspect of the present disclosure, there is provided a privacy policy processing apparatus, including:
the monitoring unit is used for monitoring the privacy policy processing process of the application software;
the processing unit is used for responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process;
the acquisition unit is used for acquiring the privacy policy content displayed by the application software through a privacy policy detail page;
and the sending unit is used for saving the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
According to a fourth aspect of the present disclosure, there is provided a privacy policy forensics apparatus, including:
a receiving unit, configured to receive a forensics inquiry request, where the forensics inquiry request includes: identification and target time interval of target application software;
the inquiring unit is used for inquiring a storage server based on the evidence obtaining inquiring request, and determining privacy policy processing information of the target application software in the target time interval, wherein the privacy policy processing information of at least one application software is stored in the storage server;
and the output unit is used for outputting privacy policy processing information of the target application software in the target time interval.
According to a fifth aspect of the present disclosure, there is provided an electronic device comprising:
at least one processor; and
a memory communicatively coupled to the at least one processor; wherein,
the memory stores instructions executable by the at least one processor to enable the at least one processor to perform the method of the first aspect or to perform the method of the second aspect.
According to a sixth aspect of the present disclosure, there is provided a non-transitory computer readable storage medium having stored thereon computer instructions for causing a computer to perform the method of the first aspect or the method of the second aspect.
According to a seventh aspect of the present disclosure, there is provided a computer program product comprising: a computer program, stored in a readable storage medium, from which at least one processor of an electronic device can read the computer program, execution of the computer program by the at least one processor causing the electronic device to perform the method of the first aspect or to perform the method of the second aspect.
It should be understood that the statements in this section do not necessarily identify key or critical features of the embodiments of the present disclosure, nor do they limit the scope of the present disclosure. Other features of the present disclosure will become apparent from the following description.
Drawings
The drawings are included to provide a better understanding of the present solution and are not to be construed as limiting the present disclosure. Wherein:
fig. 1 is a schematic diagram of an application scenario provided in an embodiment of the present disclosure;
fig. 2 is a flowchart illustrating a privacy policy processing method according to a first embodiment of the present disclosure;
fig. 3 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the disclosure;
fig. 4 is a flowchart illustrating a privacy policy processing method according to a third embodiment of the disclosure;
fig. 5 is a flowchart illustrating a privacy policy forensics method according to a first embodiment of the disclosure;
fig. 6 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the disclosure;
fig. 7 is a schematic structural diagram of a privacy policy processing apparatus provided by an embodiment of the present disclosure;
fig. 8 is a schematic structural diagram of a privacy policy forensics apparatus provided by an embodiment of the present disclosure;
FIG. 9 shows a schematic block diagram of an example electronic device to implement embodiments of the present disclosure.
Detailed Description
Exemplary embodiments of the present disclosure are described below with reference to the accompanying drawings, in which various details of the embodiments of the disclosure are included to assist understanding, and which are to be considered as merely exemplary. Accordingly, those of ordinary skill in the art will recognize that various changes and modifications of the embodiments described herein can be made without departing from the scope and spirit of the present disclosure. Also, descriptions of well-known functions and constructions are omitted in the following description for clarity and conciseness.
The privacy policy is a statement about how application software (APP) or websites collect, process, use, store, share, transfer, disclose and the like to manage user information, and the laws and regulations in major countries and regions list the privacy policy as a necessary document for APP. Compliance detection of the APP privacy policy, and intelligent processing and accurate understanding of the APP privacy policy by using Natural Language Processing (NLP) technology are currently popular research fields.
According to legal and legal requirements, the APP should actively pop up a privacy policy for a user to read when the APP is started for the first time, and the personal information stated in the privacy policy can be collected only after the user agrees with the privacy policy. Namely, the privacy policy needs to accurately describe the purpose, mode, range and the like of collecting user information by the APP in the operation process of the APP so as to avoid illegal violation of collecting user information and avoid infringement of the legal rights and interests of the user.
In the related technology, the privacy policy content of the APP is usually stored in the server, and when the APP determines that the user agrees to the privacy policy which is actively popped up when the APP is started for the first time, the APP can access the privacy policy from the server through the URL and display the privacy policy to the user on a man-machine interaction interface of the APP. Subsequently, the APP developer may update the content of the privacy policy at the server at any time, which may cause the content of the privacy policy seen by the user when using the APP to be inconsistent with the content of the privacy policy actually collected by the APP, thereby causing the user to lose the rights and interests.
For example: the user uses a certain APP in x days x months x days xx years, when the privacy policy is read, the privacy policy does not state the collection of the user contact ways, the user thinks that the APP can not collect the user contact ways and can be used safely, but the APP collects the user contact ways at the background and updates the content of the privacy policy after a period of time, and the statement for collecting the user contact ways is added, so that the user is actually led to collect the contact ways under the condition that the user is unaware of the contact ways, the behavior of illegally collecting personal information belongs to, but the behavior is difficult to prove for the user. This behavior also makes it possible for the APP to evade the supervision of regulatory agencies and application markets to illicitly gather personal information on a large scale.
In the technical scheme of the disclosure, the collection, storage, use, processing, transmission, provision, disclosure and other processing of the personal information of the related user are all in accordance with the regulations of related laws and regulations and do not violate the good customs of the public order.
Aiming at the problems in the related art, the conception process of the technical scheme disclosed by the invention is as follows: based on the thought of automated testing, carry out large-scale automatic testing and privacy policy evidence collection to the APP that has issued, for example, in the processing procedure of privacy policy, through the emergence time and the process screenshot of recording each processing procedure to upload to storage server, so that the user can follow-up inquiry, solved APP and evaded the supervision, deceive the problem that the user illegally collected personal information.
For example, in the embodiment of the disclosure, a test platform (or called as a test device) may automatically install and run a plurality of APPs, and automatically record occurrence time and process screenshots of various processing processes, such as a privacy policy box pop-up of an APP, a privacy policy link clicked in the privacy policy box, and a privacy policy detail page associated with the privacy policy link opened, and upload the occurrence time and the process screenshots to a storage server on a cloud platform, so as to achieve the purpose of storing certificates.
Optionally, the cloud platform can provide a query function, when a user, an application market, a supervision organization and the like wish to examine whether the APP is legally compliant in a certain period to collect the personal information of the user, a forensics query request can be sent to the cloud platform, so that the cloud platform determines the privacy policy content and the forensics information of the APP in the period based on the APP identifier in the forensics query request, and then judges the legality of the APP collecting the personal information behavior at that time in combination with the specifically collected personal information behavior of the APP.
Based on the conception process, the embodiment of the disclosure provides a privacy policy processing and evidence obtaining method, in the privacy policy processing process, the occurrence time and the process screenshot of the privacy policy processing process of application software and the privacy policy content displayed by the application software through a privacy policy detail page are obtained and stored in a storage server, and correspondingly, in the evidence obtaining process of the privacy policy, when a evidence obtaining query request is received, the privacy policy processing information of the target application software in a target time interval can be determined and output by querying the storage server, so that the behavior of collecting personal information by the application software is effectively restrained, the rights and interests of a large number of users are guaranteed, and the privacy compliance of the whole industry is improved.
The present disclosure provides a privacy policy processing method, a privacy policy forensics device, a privacy policy forensics apparatus, and a privacy policy storage medium, which are applied to the technical fields of application software, data security, information flow, natural language processing, etc. in internet applications, and are used for ensuring the legitimate rights and interests of users when using the application software.
In order to facilitate understanding of the technical solutions provided by the present disclosure, an application scenario of the embodiment of the present disclosure is first described with reference to fig. 1.
Fig. 1 is a schematic diagram of an application scenario provided in the embodiment of the present disclosure. As shown in fig. 1, the application scenario may include: two processes; wherein:
the first process is a privacy policy processing process.
Illustratively, the test equipment monitors the privacy policy processing process of the application software, responds to the privacy policy processing process of the application software, determines the occurrence time and the process screenshot of the privacy policy processing process, acquires the privacy policy content displayed by the application software through a privacy policy detail page, and finally stores the occurrence time, the process screenshot and the privacy policy content of the privacy policy processing process to a storage server in the cloud platform.
It can be understood that the privacy policy in the embodiment of the present disclosure specifically refers to the content of the privacy policy that is displayed on the privacy policy detail page by clicking the privacy policy link existing in the privacy policy pop-up box after the application software actively pops up the privacy policy pop-up box when being started for the first time. Alternatively, the privacy policy may be actively popped up at first startup after first installation or reinstallation or version update.
For example, in an embodiment of the present disclosure, referring to fig. 1, a testing device may receive a testing instruction issued from the outside, where the testing instruction may include an identifier of at least one application software, and acquire an installation file of the application software through interaction with a cloud platform, and automatically install and run the application software, and then, monitor a privacy policy processing process of the application software.
Illustratively, the processing of the privacy policy includes: and popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, opening a privacy policy detail page related to the privacy policy link and the like.
Correspondingly, referring to fig. 1, when monitoring that the application software pops out the privacy policy pop-up frame, the test device records the pop-up time of the privacy policy pop-up frame and intercepts an image when the privacy policy pop-up frame pops up, when monitoring that the privacy policy link in the privacy policy pop-up frame is clicked, records the clicked time of the privacy policy link and intercepts the image when the privacy policy link is clicked, and when monitoring that the privacy policy detail page associated with the privacy policy link is opened, records the opened time of the privacy policy detail page and intercepts the image when the privacy policy detail page is opened.
It can be understood that, as shown in fig. 1, after the test device acquires the installation file and before the application software is installed, the test device may further determine attribute information of the installation file and store the attribute information to a storage server in the cloud platform.
Optionally, the attribute information of the installation file may include a file unique identifier, file description information, and the like, where the file unique identifier is a hash value obtained by performing a hash operation on the installation file, and the file description information includes, but is not limited to: version number of installation file, download address, download date, test date, source market, etc.
The second process is a forensics process of the privacy policy.
With continued reference to fig. 1, the cloud platform may store the occurrence time and the process screenshot of the received privacy policy processing process and the privacy policy content, and may also store the attribute information of the installation file.
Correspondingly, the cloud platform can receive the evidence obtaining query request, and queries in the storage server based on the identification of the target application software and the target time interval included in the evidence obtaining query request, so as to determine and output privacy policy processing information of the target application software in the target time interval, and therefore, a query worker can judge whether the user information collected by the APP is consistent with the user information collected by the statement in the privacy policy.
It is understood that in embodiments of the present disclosure, the privacy policy processing information stored in the storage server may include, but is not limited to including:
the occurrence time and process screenshot of each process in the privacy policy process;
the file description information of the corresponding installation file of each application software comprises: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
It should be noted that fig. 1 is only an application scenario schematic diagram provided by the embodiment of the present disclosure, and the embodiment of the present disclosure does not limit specific devices included in an application scenario, for example, the application scenario may further include: terminal devices, processing devices, etc.
For example, in the application scenario shown in fig. 1, the terminal device may issue a test instruction and/or a forensic query request based on the received indication.
Optionally, the storage server in this embodiment may be privacy policy processing information for each application software, and the cloud platform in this embodiment may be a server of each device, and may provide various services.
It is understood that the position relationship between the devices shown in fig. 1 does not constitute any limitation, and for example, the storage server may be integrated in the cloud platform or may be a separate device.
It should be noted that the test device in the embodiment of the present disclosure may be a terminal device, a server, a virtual machine, or the like, or a distributed computer system composed of one or more servers and/or computers, or the like, and the embodiment of the present disclosure is not limited. The server in the embodiments of the present disclosure may be a common server or a cloud server, and the cloud server is also called a cloud computing server or a cloud host, and is a host product in a cloud computing service system. The server may also be a server of a distributed system, or a server incorporating a blockchain. Terminal devices include, but are not limited to: smart phones, notebook computers, desktop computers, platform computers, vehicle-mounted equipment, intelligent wearable equipment and the like.
It should be noted that the product implementation form of the present disclosure is a program code included in cloud platform software and deployed on a server (which may also be hardware with computing capability such as a computing cloud or a mobile terminal). In the system architecture diagram shown in fig. 1, the program code of the present disclosure may be stored inside the test device and the cloud platform. During operation, the program code is run in the host memory and/or the GPU memory of the server.
In the embodiments of the present disclosure, "a plurality" means two or more. "and/or" describes the association relationship of the associated objects, meaning that there may be three relationships, e.g., a and/or B, which may mean: a exists alone, A and B exist simultaneously, and B exists alone. The character "/" generally indicates that the former and latter associated objects are in an "or" relationship.
Hereinafter, the technical solution of the present disclosure will be described in detail by specific examples. It should be noted that the following specific embodiments may be combined with each other, and the same or similar concepts or processes may not be described in detail in some embodiments.
For example, the processing of the privacy policy is first described in detail below with reference to several specific embodiments.
Fig. 2 is a flowchart illustrating a privacy policy processing method according to a first embodiment of the present disclosure. The method of this embodiment may be executed by the test apparatus in fig. 1, or may be executed by a processor in the test apparatus. In this embodiment, the method is performed by a test apparatus. As shown in fig. 2, the method for processing the privacy policy according to this embodiment may include:
s201, monitoring the privacy policy processing process of the application software.
In practical applications, the test device may execute the technical solution of the embodiments of the present disclosure on a large amount of released application software. Optionally, the test device may be a real mobile phone or a simulator or a cloud mobile phone.
For example, the test device can automatically test the privacy policy of the installed and operated application software. For example, the application software is run automatically using an automation running framework, and the privacy policy handling process of the application software is monitored.
Optionally, the test device may monitor the operation of the application software by using a monitoring tool, and specifically, monitor a privacy policy processing procedure in the application software.
S202, responding to the privacy policy processing process of the application software, and determining the occurrence time and the process screenshot of the privacy policy processing process.
For example, when monitoring the privacy policy processing procedure of the application software, the test device may record the occurrence time and the process screenshot of the privacy policy processing procedure. Alternatively, the process screenshot may be interpreted as the screenshot when the privacy policy handling process occurs.
Illustratively, the privacy policy handling process includes: popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, opening a privacy policy detail page associated with the privacy policy link, and the like, wherein the occurrence time and the process screenshot of the privacy policy processing process may include: the method comprises the steps of popping out a privacy policy pop-up box, a first page screenshot when the privacy policy pop-up box pops out, clicking time of a privacy policy link in the privacy policy pop-up box, a second page screenshot when the privacy policy link is clicked, opening time of a privacy policy detail page, a screenshot when the privacy policy detail page is opened and the like.
S203, obtaining the privacy policy content displayed by the application software through the privacy policy detail page.
Optionally, after the application software is subjected to the privacy policy processing processes, the opened privacy policy detail page may be displayed through a human-computer interaction interface of the application software, and the privacy policy content is recorded on the privacy policy detail page, so that the test device may obtain the privacy policy content displayed by the application software through the privacy policy detail page through a grabbing tool.
It is understood that in embodiments of the present disclosure, the privacy policy content is the specific content of user information specifically declared by the application software that may be collected, used, processed, disclosed during the running of the application software. Exemplary privacy policy content may include, but is not limited to including: user information, information of devices used by the user, environmental information (e.g., location) in which the user is located, and the like.
And S204, storing the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
In the embodiment of the disclosure, in order to facilitate subsequent evidence obtaining when the application software declares the used information to the user, the test device may store the occurrence time and the process screenshot of the determined privacy policy processing process and the privacy policy content to a cloud, for example, a storage server of a cloud platform, so that the user, a supervision organization, an application market, and the like may initiate verification of a behavior of collecting user information by the application software, and particularly, when the behavior of collecting user information by the application software is suspicious, effective evidence support may be improved.
It can be understood that, in practical applications, after the testing device completes one test and evidence preservation of the privacy policy for the application software, the test and evidence preservation can be repeatedly performed on a certain application software at different times, so as to obtain the evidence preservation of the privacy policy content of the application software at different time periods.
Optionally, the test device may execute the technical solution of the embodiment of the present disclosure at the same time or at different times for different application software, and the embodiment of the present disclosure does not limit the technical solution.
In the embodiment of the disclosure, the occurrence time and the process screenshot of the privacy policy processing process are determined by monitoring the privacy policy processing process of the application software, the privacy policy content displayed by the application software through the privacy policy detail page is obtained, and the occurrence time, the process screenshot of the privacy policy processing process and the privacy policy content are stored in the storage server, so that a realization guarantee is provided for subsequent forensics, the problem that the application software illegally collects user information is effectively avoided, and the user rights and interests are effectively guaranteed.
On the basis of the embodiment shown in fig. 2, the following describes a method for processing the privacy policy provided by the embodiment of the present disclosure in more detail.
Fig. 3 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the disclosure. In an embodiment of the present disclosure, the privacy policy processing procedure includes: and popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, and opening a privacy policy detail page related to the privacy policy link. Accordingly, as shown in fig. 3, the above S202 can be implemented by the following steps:
s301, responding to the popup of the privacy policy popup box of the application software, recording popup time of the privacy policy popup box and capturing a first page screenshot when the privacy policy popup box pops up.
Wherein a privacy policy link exists in the privacy policy box.
Illustratively, according to legal requirements, the application software should actively pop up a privacy policy box when it is first started, and guide the user to click on a privacy policy link in the privacy policy box, so as to present the privacy policy content on a privacy policy details page for the user to read. Therefore, when the test equipment monitors that the application software pops out the privacy policy pop-up frame, in response to the popping-up of the privacy policy pop-up frame, the test equipment records the popping-up time of the privacy policy pop-up frame of the application software, and intercepts a page when the privacy policy pop-up frame pops up to obtain a first page screenshot.
S302, responding to the fact that the privacy policy link in the privacy policy box is clicked, recording the clicked time of the privacy policy link, and capturing a second page screenshot when the privacy policy link is clicked.
In practical application, the application software gives the privacy policy link through the privacy policy pop-up box, and when the test equipment monitors that the privacy policy link in the privacy policy pop-up box is clicked, the clicked time of the privacy policy link can be recorded, the page of the clicked privacy policy link is intercepted, and the second page screenshot is obtained.
It is appreciated that in embodiments of the present disclosure, where the privacy policy link is a link that connects the privacy policy box and the privacy policy details page, the page of the application software may jump from the privacy policy box page to the privacy policy details page when the privacy policy link is clicked, and thus, in response to the privacy policy link being clicked within the privacy policy box, the privacy policy details page associated with the privacy policy link may be opened.
For example, after S301, the testing device may trigger the privacy policy link to be clicked by invoking an automated testing tool to click on the privacy policy link within the privacy policy box.
In the embodiment, the automatic testing tool is used for simulating the clicking behavior of the user, so that the automatic testing of the application software can be realized, and the testing cost is reduced.
And S303, responding to the fact that the privacy policy detail page related to the privacy policy link is opened, and recording the opened time of the privacy policy detail page and a third page screenshot when the privacy policy detail page is opened.
And privacy policy content is displayed on the privacy policy detail page.
Optionally, a privacy policy details page associated with the privacy policy link may be triggered to be opened in response to the privacy policy link of the application software being clicked. Correspondingly, when the test equipment monitors that the privacy policy detail page related to the privacy policy link is opened, the test equipment can automatically record the opening time of the privacy policy detail page and intercept the page when the privacy policy detail page is opened, so as to obtain a third page screenshot.
It can be understood that, in practical applications, the privacy policy details page is recorded with specific privacy policy contents, and the privacy policy contents can state various operations, such as collecting, processing, disclosing and the like, of the application software on various information related to the user, that is, the application software will show the privacy policy contents through the privacy policy details page.
In the embodiment of the disclosure, specific implementation of the occurrence time and the process screenshot of the processing process of determining, by the testing device, that the privacy policy pop-up box pops up, the privacy policy link in the privacy policy pop-up box is clicked, the privacy policy detail page associated with the privacy policy link is opened and the like is described, and implementation premises are provided for subsequent forensics.
On the basis of the embodiment shown in fig. 2 or fig. 3, fig. 4 is a flowchart illustrating a privacy policy processing method according to a third embodiment of the present disclosure. As shown in fig. 4, in an embodiment of the present disclosure, before the step S201, the method for processing the privacy policy may further include:
s401, obtaining a test instruction, wherein the test instruction comprises: identification of the application software.
For example, the test device may execute the privacy policy processing procedure of the application software based on external test instructions. For example, the test device may receive a test instruction sent by a plurality of objects through the terminal, and in order to clarify the tested application software, the test instruction needs to carry an identifier of the application software, so that the test device performs the processes of obtaining an installation file, installing the application software, running the application software, and processing a privacy policy in the running process of the application software.
S402, acquiring an installation file of the application software based on the identification of the application software in the test instruction.
For example, after the test device analyzes the test instruction to determine the identifier of the application software to be tested, the installation file of the application software may be acquired in a form of interaction with the cloud platform.
Optionally, after each application software is released, the installation file of the application software is usually stored in the cloud platform, so that a user can obtain the installation file of a certain application software from the cloud platform in a terminal device networking manner and perform a subsequent installation process. Therefore, in this embodiment, after receiving the test instruction, the test device may also download the installation file of the application software from the cloud platform.
And S403, installing the application software by using the installation file of the application software, and automatically running the application software.
Optionally, after the test device obtains the installation file of the application software, the application software may be automatically installed or installed on the test device based on the installation instruction, and the automatic operation framework is called to automatically operate the application software.
In one example, the automatic operation framework may be an automatic framework built by a tester based on a test task, and after the application software is installed on test equipment such as a real mobile phone, a simulator, a cloud mobile phone and the like, the application software is automatically operated by using the automatic operation framework.
Optionally, in an embodiment of the present disclosure, as shown in fig. 4, after S402, the method for processing the privacy policy may further include:
s404, determining the attribute information of the installation file.
Wherein the attribute information includes: unique file identification and file description information; the unique file identifier is a hash value obtained by performing hash operation on the installation file, and the file description information includes: the version number of the installation file, the download address, the download date, the test date and the source market.
For example, when acquiring the installation file of the application software, the testing device may record attribute information of the application software. For example, the accuracy in evidence collection can be improved by calculating the hash value of the installation file (such as MD5, SHA1, SHA256, etc.), and using it as the file unique identifier of the application software, and further recording the version number, download address, download date, test date, source market, etc. of the application software as auxiliary file description information, so as to follow up the occurrence time and process screenshot of the accurate associated privacy policy processing process.
And S405, storing the attribute information of the installation file into a storage server.
In the embodiment of the disclosure, in order to facilitate subsequent privacy policy evidence obtaining, the test device may store the determined attribute information of the installation file to a cloud, for example, a storage server of a cloud platform, so that a user, a supervision organization, an application market, and the like may initiate verification of a behavior of collecting user information by application software, and particularly, when the behavior of collecting user information by application software is suspicious, effective evidence support may be provided.
The above embodiments describe the processing of privacy policies. The privacy policy forensics process is described below in connection with several specific embodiments.
Fig. 5 is a flowchart illustrating a privacy policy forensics method according to a first embodiment of the disclosure. The method of this embodiment may be executed by the cloud platform in fig. 1, and may also be executed by a processor in the cloud platform, where the cloud platform may be referred to as a cloud server. In this embodiment, the cloud platform executes the method. As shown in fig. 5, the method for forensics of privacy policy provided by this embodiment may include:
s501, receiving a forensics inquiry request, where the forensics inquiry request includes: identification of the target application software and the target time interval.
Optionally, when the behavior of collecting personal information by the application software is suspicious, such as a user, a monitoring organization, and an application market, the privacy policy processing information of the application software in a specific time period can be queried at any time, so that the behavior of collecting personal information in violation of law of the application software is unbearable.
For example, privacy policy processing information of a large amount of application software in a large number of time periods may be stored in a storage server of the cloud platform, and when a forensics query request is received by the cloud platform, in order to enable the cloud platform to accurately determine the application software to be forensics and the forensics time period, the forensics query request needs to include an identifier of the target application software and a target time interval.
S502, inquiring a storage server based on the evidence obtaining inquiry request, and determining privacy policy processing information of the target application software in a target time interval.
The storage server stores privacy policy processing information of at least one application software.
For example, in this embodiment, the storage server stores, in the storage server, the privacy policy processing information such as the occurrence time and the process screenshot of the privacy policy processing process of at least one application software determined by the testing device in the embodiments shown in fig. 2 to fig. 4 in at least one time period, and the privacy policy content, and the at least one application software includes the target application software in the forensics inquiry request, and the at least one time period includes the target time interval. Therefore, the cloud platform can query the storage server according to the identifier of the target application software and the target time interval, and acquire the privacy policy processing information of the target application software in the target time interval.
And S503, outputting privacy policy processing information of the target application software in the target time interval.
Optionally, after determining the privacy policy processing information of the target application software in the target time interval, the cloud platform may output the privacy policy processing information.
In one example, when the cloud platform has a human-computer interaction interface, the privacy policy processing information of the target application software in the target time interval can be displayed through the human-computer interaction interface, and when the cloud platform has a voice function, the privacy policy processing information of the target application software in the target time interval can also be played.
In one example, the cloud platform may feed back privacy policy processing information of the target application software in the target time interval to the terminal device that issued the forensic query request, so that the terminal device displays or plays the privacy policy processing information.
In an embodiment of the present disclosure, by receiving a forensics query request, the forensics query request includes: and inquiring the storage server based on the evidence obtaining inquiry request, and determining and outputting privacy policy processing information of the target application software in the target time interval. According to the technical scheme, the evidence obtaining and inquiring function is provided, the behavior that the application software collects the personal information brutally can be restricted, the problem that the application software deceives the user to collect the personal information illegally is solved, the supervision cost is greatly reduced, the rights and interests of the majority of users are guaranteed, and therefore the privacy compliance level of the whole industry is improved.
On the basis of the embodiment shown in fig. 5, the following describes a method for processing the privacy policy provided by the embodiment of the present disclosure in more detail.
Exemplarily, fig. 6 is a flowchart illustrating a privacy policy processing method according to a second embodiment of the present disclosure. As shown in fig. 6, in the embodiment of the present disclosure, the above S502 may be implemented by the following steps:
s601, inquiring a storage server based on the identification of the target application software, and positioning to a privacy policy evidence storage position of the target application software.
S602, based on the starting time and the ending time of the target time interval, obtaining the privacy policy processing information of the target application software in the target time interval from the privacy policy evidence storage position.
Illustratively, when the cloud platform determines the identifier of the target application software and the target time interval by analyzing the forensics query request, in one possible design, the information stored in the storage server is queried and is located at the privacy policy forensics position of the target application software, and then the privacy policy processing information in the target time interval is obtained from the privacy policy forensics position.
It is understood that, in another possible design of the present disclosure, the cloud platform may further determine privacy policy processing information of all application software within the target time interval based on the start time and the end time of the target time interval, and then select privacy policy processing information of the target application software based on the identifier of the target application software.
Optionally, the embodiment of the disclosure does not limit a specific implementation manner of how the cloud platform determines the privacy policy processing information of the target application software in the target time interval.
In the embodiment of the disclosure, the privacy policy evidence storing position of the target application software is firstly positioned, and then the scheme of obtaining the privacy policy processing information of the target application software in the target time interval is obtained from the privacy policy evidence storing position based on the starting time and the ending time of the target time interval, so that the privacy policy processing information of the target application software in the target time interval can be accurately and rapidly determined, and the evidence obtaining efficiency and the evidence obtaining accuracy are improved.
Optionally, in an embodiment of the present disclosure, the storage server stores the privacy policy processing information of each application software in a key-value pair manner, where a key name of the key-value pair is a unique file identifier of each application software, the unique file identifier is a hash value obtained by performing hash operation on an installation file of each application software, and a key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key-name identifier.
Illustratively, in a storage server of the cloud platform, the privacy policy processing information of each application software may exist in the form of key-value pairs (key-value), and therefore, when a forensics query request is received, the identifier of the target application software, i.e., the unique file identifier (target key), may be used as an index to locate the privacy policy validation position of the target application software, and then the privacy policy information corresponding to the unique file identifier is obtained from the located privacy policy validation position, and then the privacy policy processing information in the target time interval is obtained based on the start time and the end time of the target time interval.
Illustratively, the information in the storage server takes the hash value of the application software as the unique identifier of the corresponding installation file of the application software, and accordingly, the privacy policy processing information may include at least one of the following:
the time of occurrence and process screenshots of the privacy policy handling process;
the file description information of the corresponding installation file of each application software includes: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
The privacy policy content may be in an HTML form or a plain text file form, and this embodiment does not limit this.
Optionally, in this embodiment, the privacy policy processing information of each application software in the storage server is stored in a block chain form.
The storage server can respectively store the privacy policy processing information of each application software in a block chain form based on the receiving time, and can prevent subsequent tampering, so that the reliability of evidence obtaining is ensured.
Fig. 7 is a schematic structural diagram of a privacy policy processing apparatus according to an embodiment of the present disclosure. The privacy policy processing device provided by the embodiment may be the test equipment in fig. 1 or a device in the test equipment. As shown in fig. 7, the privacy policy processing apparatus 700 according to the present embodiment includes:
a monitoring unit 701, configured to monitor a privacy policy processing procedure of application software;
a processing unit 702, configured to determine an occurrence time and a process screenshot of a privacy policy handling process in response to the privacy policy handling process of the application software;
an obtaining unit 703, configured to obtain the content of the privacy policy displayed by the application software through a privacy policy detail page;
a sending unit 704, configured to save the occurrence time and the process screenshot of the privacy policy processing process and the privacy policy content to a storage server.
In one possible implementation, the privacy policy processing procedure includes: popping up a privacy policy pop-up box, clicking a privacy policy link in the privacy policy pop-up box, and opening a privacy policy detail page related to the privacy policy link;
accordingly, the processing unit 702 includes:
the first processing module is used for responding to the popup of a privacy policy popup of the application software, recording popup time of the privacy policy popup and capturing a first page screenshot when the privacy policy popup is popped up, wherein a privacy policy link exists in the privacy policy popup;
the second processing module is used for responding to the fact that the privacy policy link in the privacy policy box is clicked, recording the clicked time of the privacy policy link and capturing a second page screenshot when the privacy policy link is clicked;
and the third processing module is used for responding to the opening of the privacy policy detail page related to the privacy policy link, recording the opening time of the privacy policy detail page and a third page screenshot when the privacy policy detail page is opened, wherein the privacy policy detail page is displayed with privacy policy content.
Optionally, the first processing module is further configured to invoke an automatic testing tool to click the privacy policy link in the privacy policy box.
In a possible implementation manner, the obtaining unit 703 is further configured to:
obtaining a test instruction, wherein the test instruction comprises: an identification of the application software;
acquiring an installation file of the application software based on the identifier of the application software in the test instruction;
the processing unit 702 is further configured to install the application software by using the installation file of the application software, and automatically run the application software.
Optionally, the processing unit 702 is further configured to determine attribute information of the installation file, where the attribute information includes: the file unique identification is a hash value obtained by performing hash operation on the installation file, and the file description information includes: the version number, download address, download date, test date and source market of the installation file;
the sending unit is further configured to store the attribute information of the installation file in the storage server.
The processing apparatus of the privacy policy provided in this embodiment may be used to execute the processing method of the privacy policy according to the method embodiments shown in fig. 2 to fig. 4, and the implementation principle and the technical effect are similar, which are not described herein again.
Fig. 8 is a schematic structural diagram of a privacy policy forensics apparatus provided in an embodiment of the present disclosure. The forensics device of the privacy policy provided by the embodiment may be the cloud platform in fig. 1 or a device in the cloud platform. As shown in fig. 8, the privacy policy forensics apparatus 800 according to the present embodiment includes:
a receiving unit 801, configured to receive a forensics query request, where the forensics query request includes: identification and target time interval of target application software;
a querying unit 802, configured to query, based on the forensics query request, a storage server in which privacy policy processing information of at least one application software is stored, and determine privacy policy processing information of the target application software in the target time interval;
an output unit 803, configured to output privacy policy processing information of the target application software in the target time interval.
In a possible implementation manner, the querying unit 802 includes:
the positioning module is used for inquiring the storage server based on the identification of the target application software and positioning to the privacy policy evidence storage position of the target application software;
and the obtaining module is used for obtaining the privacy policy processing information of the target application software in the target time interval from the privacy policy evidence storing position based on the starting time and the ending time of the target time interval.
Optionally, the storage server stores the privacy policy processing information of each application software in a key-value pair manner, where a key name of the key-value pair is a unique file identifier of each application software, the unique file identifier is a hash value obtained by performing a hash operation on an installation file of each application software, and a key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key-name identifier.
Optionally, the privacy policy processing information further includes at least one of:
the time of occurrence and process screenshots of the privacy policy handling process;
the file description information of the corresponding installation file of each application software comprises: the version number, download address, download date, test date and source of the installation file;
processing start and stop timestamps of each application software;
and the privacy policy contents are displayed on the privacy policy detail page by each application software.
Optionally, the privacy policy processing information of each application software in the storage server is stored in a blockchain form.
The forensics apparatus of privacy policy provided in this embodiment may be used to execute the forensics method of privacy policy in the embodiment of the method shown in fig. 5 or fig. 6, and the implementation principle and technical effect are similar, which are not described herein again.
The present disclosure also provides an electronic device, a readable storage medium, and a computer program product according to embodiments of the present disclosure.
According to an embodiment of the present disclosure, the present disclosure also provides a computer program product comprising: a computer program, stored in a readable storage medium, from which at least one processor of the electronic device can read the computer program, the at least one processor executing the computer program causing the electronic device to perform the solution provided by any of the embodiments described above.
FIG. 9 shows a schematic block diagram of an example electronic device to implement embodiments of the present disclosure. Electronic devices are intended to represent various forms of digital computers, such as laptops, desktops, workstations, personal digital assistants, servers, blade servers, mainframes, and other appropriate computers. The electronic device may also represent various forms of mobile devices, such as personal digital processing, cellular phones, smart phones, wearable devices, and other similar computing devices. The components shown herein, their connections and relationships, and their functions, are meant to be examples only, and are not meant to limit implementations of the disclosure described and/or claimed herein.
As shown in fig. 9, the apparatus 900 includes a computing unit 901, which can perform various appropriate actions and processes in accordance with a computer program stored in a Read Only Memory (ROM)902 or a computer program loaded from a storage unit 908 into a Random Access Memory (RAM) 903. In the RAM903, various programs and data required for the operation of the device 900 can also be stored. The calculation unit 901, ROM 902, and RAM903 are connected to each other via a bus 904. An input/output (I/O) interface 905 is also connected to bus 904.
A number of components in the device 900 are connected to the I/O interface 905, including: an input unit 906 such as a keyboard, a mouse, and the like; an output unit 907 such as various types of displays, speakers, and the like; a storage unit 908 such as a magnetic disk, optical disk, or the like; and a communication unit 909 such as a network card, a modem, a wireless communication transceiver, and the like. The communication unit 909 allows the device 900 to exchange information/data with other devices through a computer network such as the internet and/or various telecommunication networks.
The computing unit 901 may be a variety of general and/or special purpose processing components having processing and computing capabilities. Some examples of the computing unit 901 include, but are not limited to, a Central Processing Unit (CPU), a Graphics Processing Unit (GPU), various dedicated Artificial Intelligence (AI) computing chips, various computing units running machine learning model algorithms, a Digital Signal Processor (DSP), and any suitable processor, controller, microcontroller, and so forth. The computing unit 901 performs the respective methods and processes described above, for example, a processing method of a privacy policy and/or a forensics method of a privacy policy. For example, in some embodiments, the privacy policy processing method and/or the privacy policy forensics method may be implemented as a computer software program tangibly embodied on a machine-readable medium, such as storage unit 908. In some embodiments, part or all of the computer program may be loaded and/or installed onto device 900 via ROM 902 and/or communications unit 909. When the computer program is loaded into RAM903 and executed by computing unit 901, one or more steps of the above-described privacy policy processing method and/or privacy policy forensics method may be performed. Alternatively, in other embodiments, the computing unit 901 may be configured by any other suitable means (e.g., by means of firmware) to perform the processing method of the privacy policy and/or the forensics method of the privacy policy.
Various implementations of the systems and techniques described here above may be implemented in digital electronic circuitry, integrated circuitry, Field Programmable Gate Arrays (FPGAs), Application Specific Integrated Circuits (ASICs), Application Specific Standard Products (ASSPs), system on a chip (SOCs), Complex Programmable Logic Devices (CPLDs), computer hardware, firmware, software, and/or combinations thereof. These various embodiments may include: implemented in one or more computer programs that are executable and/or interpretable on a programmable system including at least one programmable processor, which may be special or general purpose, receiving data and instructions from, and transmitting data and instructions to, a storage system, at least one input device, and at least one output device.
Program code for implementing the methods of the present disclosure may be written in any combination of one or more programming languages. These program codes may be provided to a processor or controller of a general purpose computer, special purpose computer, or other programmable data processing apparatus, such that the program codes, when executed by the processor or controller, cause the functions/operations specified in the flowchart and/or block diagram to be performed. The program code may execute entirely on the machine, partly on the machine, as a stand-alone software package partly on the machine and partly on a remote machine or entirely on the remote machine or server.
In the context of this disclosure, a machine-readable medium may be a tangible medium that can contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device. The machine-readable medium may be a machine-readable signal medium or a machine-readable storage medium. A machine-readable medium may include, but is not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples of a machine-readable storage medium would include an electrical connection based on one or more wires, a portable computer diskette, a hard disk, a Random Access Memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing.
To provide for interaction with a user, the systems and techniques described here can be implemented on a computer having: a display device (e.g., a CRT (cathode ray tube) or LCD (liquid crystal display) monitor) for displaying information to a user; and a keyboard and a pointing device (e.g., a mouse or a trackball) by which a user can provide input to the computer. Other kinds of devices may also be used to provide for interaction with a user; for example, feedback provided to the user can be any form of sensory feedback (e.g., visual feedback, auditory feedback, or tactile feedback); and input from the user may be received in any form, including acoustic, speech, or tactile input.
The systems and techniques described here can be implemented in a computing system that includes a back-end component (e.g., as a data server), or that includes a middleware component (e.g., an application server), or that includes a front-end component (e.g., a user computer having a graphical user interface or a web browser through which a user can interact with an implementation of the systems and techniques described here), or any combination of such back-end, middleware, or front-end components. The components of the system can be interconnected by any form or medium of digital data communication (e.g., a communication network). Examples of communication networks include: local Area Networks (LANs), Wide Area Networks (WANs), and the Internet.
The computer system may include clients and servers. A client and server are generally remote from each other and typically interact through a communication network. The relationship of client and server arises by virtue of computer programs running on the respective computers and having a client-server relationship to each other. The Server can be a cloud Server, also called a cloud computing Server or a cloud host, and is a host product in a cloud computing service system, so as to solve the defects of high management difficulty and weak service expansibility in the traditional physical host and VPS service ("Virtual Private Server", or simply "VPS"). The server may also be a server of a distributed system, or a server incorporating a blockchain.
It should be understood that various forms of the flows shown above, reordering, adding or deleting steps, may be used. For example, the steps described in the present disclosure may be executed in parallel, sequentially, or in different orders, as long as the desired results of the technical solutions disclosed in the present disclosure can be achieved, and the present disclosure is not limited herein.
The above detailed description should not be construed as limiting the scope of the disclosure. It should be understood by those skilled in the art that various modifications, combinations, sub-combinations and substitutions may be made in accordance with design requirements and other factors. Any modification, equivalent replacement, and improvement made within the spirit and principle of the present disclosure should be included in the scope of protection of the present disclosure.

Claims (23)

1.一种隐私政策的处理方法,包括:1. A method of dealing with a privacy policy, including: 监测应用软件的隐私政策处理过程;Monitor the privacy policy processing process of the application software; 响应于所述应用软件的隐私政策处理过程,确定所述隐私政策处理过程的发生时间和过程截图;In response to the privacy policy processing process of the application software, determine the occurrence time of the privacy policy processing process and a screenshot of the process; 获取所述应用软件通过隐私政策详情页面展示的隐私政策内容;Obtain the privacy policy content displayed by the application software through the privacy policy details page; 将所述隐私政策处理过程的发生时间和过程截图以及所述隐私政策内容保存至存储服务器。The occurrence time and process screenshot of the privacy policy processing process and the privacy policy content are saved to the storage server. 2.根据权利要求1所述的方法,其中,所述隐私政策处理过程包括:隐私政策弹框弹出、所述隐私政策弹框内的隐私政策链接被点击、所述隐私政策链接关联的隐私政策详情页面被打开;2. The method according to claim 1, wherein the privacy policy processing process comprises: a privacy policy pop-up box pops up, a privacy policy link in the privacy policy pop-up box is clicked, and a privacy policy associated with the privacy policy link is clicked. The details page is opened; 相应的,所述响应于所述应用软件的隐私政策处理过程,确定所述隐私政策处理过程的发生时间和过程截图,包括:Correspondingly, determining the occurrence time and process screenshot of the privacy policy processing process in response to the privacy policy processing process of the application software, including: 响应于所述应用软件的隐私政策弹框弹出,记录所述隐私政策弹框的弹时间并捕获所述隐私政策弹框弹出时的第一页面截图,所述隐私政策弹框中存在隐私政策链接;In response to the pop-up of the privacy policy pop-up box of the application software, record the pop-up time of the privacy policy pop-up box and capture the screenshot of the first page when the privacy policy pop-up box pops up, and there is a privacy policy link in the privacy policy pop-up box ; 响应于所述隐私政策弹框内的隐私政策链接被点击,记录所述隐私政策链接的被点击时间、捕获所述隐私政策链接被点击时的第二页面截图;In response to the privacy policy link in the privacy policy pop-up box being clicked, record the clicked time of the privacy policy link, and capture a screenshot of the second page when the privacy policy link is clicked; 响应于所述隐私政策链接关联的隐私政策详情页面被打开,记录所述隐私政策详情页面的被打开时间以及所述隐私政策详情页面被打开时的第三页面截图,所述隐私政策详情页面上展示有隐私政策内容。In response to the privacy policy details page associated with the privacy policy link being opened, record the opening time of the privacy policy details page and a screenshot of the third page when the privacy policy details page is opened, on the privacy policy details page Display the content of the privacy policy. 3.根据权利要求2所述的方法,在所述响应于所述应用软件的隐私政策弹框弹出,记录所述隐私政策弹框的弹时间并捕获所述隐私政策弹框弹出时的第一页面截图之后,还包括:3. The method according to claim 2, when the privacy policy pop-up box in response to the application software pops up, record the pop-up time of the privacy policy pop-up box and capture the first time when the privacy policy pop-up box pops up. After the screenshot of the page, it also includes: 调用自动化测试工具点击所述隐私政策弹框内的隐私政策链接。Call the automated testing tool and click the privacy policy link in the privacy policy pop-up box. 4.根据权利要求1至3任一项所述的方法,在所述监测应用软件的隐私政策处理过程之前,还包括:4. The method according to any one of claims 1 to 3, before the privacy policy processing process of the monitoring application software, further comprising: 获取测试指令,所述测试指令包括:所述应用软件的标识;Acquire a test instruction, where the test instruction includes: the identifier of the application software; 基于所述测试指令中所述应用软件的标识,获取所述应用软件的安装文件;Obtain the installation file of the application software based on the identification of the application software in the test instruction; 利用所述应用软件的安装文件,安装所述应用软件,并自动运行所述应用软件。Using the installation file of the application software, the application software is installed, and the application software is automatically run. 5.根据权利要求4所述的方法,在所述基于所述测试指令中所述应用软件的标识,获取所述应用软件的安装文件之后,还包括:5. The method according to claim 4, after obtaining the installation file of the application software based on the identification of the application software in the test instruction, further comprising: 确定所述安装文件的属性信息,所述属性信息包括:文件唯一标识和文件描述信息,所述文件唯一标识是对所述安装文件进行哈希运算后得到的哈希值,所述文件描述信息包括:安装文件的版本号、下载地址、下载日期、测试日期、来源市场;Determine the attribute information of the installation file, the attribute information includes: a file unique identifier and file description information, the file unique identifier is a hash value obtained by performing a hash operation on the installation file, and the file description information Including: the version number of the installation file, the download address, the download date, the test date, and the source market; 将所述安装文件的属性信息存储至所述存储服务器。The attribute information of the installation file is stored in the storage server. 6.一种隐私政策的取证方法,包括:6. A forensic method of privacy policy, including: 接收取证查询请求,所述取证查询请求包括:目标应用软件的标识和目标时间区间;Receive a forensic query request, where the forensic query request includes: an identifier of the target application software and a target time interval; 基于所述取证查询请求,查询存储服务器,确定所述目标应用软件在所述目标时间区间内的隐私政策处理信息,所述存储服务器中存储有至少一个应用软件的隐私政策处理信息;Based on the forensic query request, query a storage server to determine the privacy policy processing information of the target application software within the target time interval, and the storage server stores the privacy policy processing information of at least one application software; 输出所述目标应用软件在所述目标时间区间内的隐私政策处理信息。Output the privacy policy processing information of the target application software within the target time interval. 7.根据权利要求6所述的方法,其中,所述基于所述取证查询请求,查询存储服务器,确定所述目标应用软件在所述目标时间区间内的隐私政策处理信息,包括:7. The method according to claim 6, wherein the querying a storage server based on the forensic query request to determine the privacy policy processing information of the target application software within the target time interval comprises: 基于所述目标应用软件的标识,查询所述存储服务器,定位到所述目标应用软件的隐私政策存证位置;Based on the identifier of the target application software, query the storage server, and locate the privacy policy storage location of the target application software; 基于所述目标时间区间的起始时间和结束时间,从所述隐私政策存证位置,获取所述目标应用软件在所述目标时间区间内的隐私政策处理信息。Based on the start time and the end time of the target time interval, the privacy policy processing information of the target application software within the target time interval is obtained from the privacy policy certification location. 8.根据权利要求6或7所述的方法,其中,所述存储服务器以键值对的方式存储各个应用软件的隐私政策处理信息,所述键值对的键名是各个应用软件的文件唯一标识,所述文件唯一标识是对各个应用软件的安装文件进行哈希运算后得到的哈希值,所述键值对的键值是对应键名标识的应用软件的隐私政策处理信息。8. The method according to claim 6 or 7, wherein the storage server stores the privacy policy processing information of each application software in the form of a key-value pair, and the key name of the key-value pair is unique to the file of each application software The unique file identifier is a hash value obtained by performing a hash operation on the installation files of each application software, and the key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key name identifier. 9.根据权利要求8所述的方法,其中,所述隐私政策处理信息包括如下至少一种:9. The method of claim 8, wherein the privacy policy processing information comprises at least one of the following: 隐私政策处理过程的发生时间和过程截图;The time and process screenshots of the privacy policy processing process; 各应用软件对应安装文件的文件描述信息,所述文件描述信息包括:安装文件的版本号、下载地址、下载日期、测试日期、来源;The file description information of the installation file corresponding to each application software, the file description information includes: the version number of the installation file, the download address, the download date, the test date, and the source; 各应用软件的处理起止时间戳;Time stamps of the processing start and end of each application software; 各应用软件在隐私政策详情页面上展示的隐私政策内容。The privacy policy content displayed on the privacy policy details page of each application software. 10.根据权利要求6至9任一项所述的方法,其中,所述存储服务器中各个应用软件的隐私政策处理信息以区块链形式存储。10. The method according to any one of claims 6 to 9, wherein the privacy policy processing information of each application software in the storage server is stored in the form of a block chain. 11.一种隐私政策的处理装置,包括:11. A processing device for a privacy policy, comprising: 监测单元,用于监测应用软件的隐私政策处理过程;A monitoring unit, used to monitor the privacy policy processing process of the application software; 处理单元,用于响应于所述应用软件的隐私政策处理过程,确定所述隐私政策处理过程的发生时间和过程截图;a processing unit, configured to determine the occurrence time and process screenshot of the privacy policy processing process in response to the privacy policy processing process of the application software; 获取单元,用于获取所述应用软件通过隐私政策详情页面展示的隐私政策内容;an obtaining unit, used to obtain the privacy policy content displayed by the application software through the privacy policy details page; 发送单元,用于将所述隐私政策处理过程的发生时间和过程截图以及所述隐私政策内容保存至存储服务器。A sending unit, configured to save the occurrence time of the privacy policy processing process, a screenshot of the process, and the content of the privacy policy to a storage server. 12.根据权利要求11所述的装置,其中,所述隐私政策处理过程包括:隐私政策弹框弹出、所述隐私政策弹框内的隐私政策链接被点击、所述隐私政策链接关联的隐私政策详情页面被打开;12. The device according to claim 11, wherein the privacy policy processing process comprises: a privacy policy pop-up box pops up, a privacy policy link in the privacy policy pop-up box is clicked, and a privacy policy associated with the privacy policy link is clicked. The details page is opened; 相应的,所述处理单元,包括:Correspondingly, the processing unit includes: 第一处理模块,用于响应于所述应用软件的隐私政策弹框弹出,记录所述隐私政策弹框的弹时间并捕获所述隐私政策弹框弹出时的第一页面截图,所述隐私政策弹框中存在隐私政策链接;The first processing module is configured to record the pop-up time of the privacy policy popup in response to the pop-up of the privacy policy popup of the application software and capture a screenshot of the first page when the privacy policy popup pops up, the privacy policy There is a privacy policy link in the pop-up box; 第二处理模块,用于响应于所述隐私政策弹框内的隐私政策链接被点击,记录所述隐私政策链接的被点击时间、捕获所述隐私政策链接被点击时的第二页面截图;The second processing module is configured to, in response to the privacy policy link in the privacy policy pop-up box being clicked, record the clicked time of the privacy policy link, and capture a screenshot of the second page when the privacy policy link is clicked; 第三处理模块,用于响应于所述隐私政策链接关联的隐私政策详情页面被打开,记录所述隐私政策详情页面的被打开时间以及所述隐私政策详情页面被打开时的第三页面截图,所述隐私政策详情页面上展示有隐私政策内容。The third processing module is configured to, in response to the privacy policy details page associated with the privacy policy link being opened, record the opening time of the privacy policy details page and a screenshot of the third page when the privacy policy details page is opened, The privacy policy details are displayed on the privacy policy details page. 13.根据权利要求12所述的装置,所述第一处理模块,还用于调用自动化测试工具点击所述隐私政策弹框内的隐私政策链接。13. The apparatus according to claim 12, wherein the first processing module is further configured to invoke an automated testing tool to click on a privacy policy link in the privacy policy pop-up box. 14.根据权利要求11至13任一项所述的装置,所述获取单元,还用于:14. The device according to any one of claims 11 to 13, wherein the acquiring unit is further configured to: 获取测试指令,所述测试指令包括:所述应用软件的标识;Acquire a test instruction, where the test instruction includes: the identifier of the application software; 基于所述测试指令中所述应用软件的标识,获取所述应用软件的安装文件;Obtain the installation file of the application software based on the identification of the application software in the test instruction; 所述处理单元,还用于利用所述应用软件的安装文件,安装所述应用软件,并自动运行所述应用软件。The processing unit is further configured to install the application software by using the installation file of the application software, and automatically run the application software. 15.根据权利要求14所述的装置,所述处理单元,还用于确定所述安装文件的属性信息,所述属性信息包括:文件唯一标识和文件描述信息,所述文件唯一标识是对所述安装文件进行哈希运算后得到的哈希值,所述文件描述信息包括:安装文件的版本号、下载地址、下载日期、测试日期、来源市场;15. The apparatus according to claim 14, wherein the processing unit is further configured to determine attribute information of the installation file, the attribute information comprising: a file unique identifier and file description information, the file unique identifier is a The hash value obtained after the installation file is hashed, and the file description information includes: the version number of the installation file, the download address, the download date, the test date, and the source market; 所述发送单元,还用于将所述安装文件的属性信息存储至所述存储服务器。The sending unit is further configured to store the attribute information of the installation file to the storage server. 16.一种隐私政策的取证装置,包括:16. A forensic device for a privacy policy, comprising: 接收单元,用于接收取证查询请求,所述取证查询请求包括:目标应用软件的标识和目标时间区间;a receiving unit, configured to receive a forensic inquiry request, where the forensic inquiry request includes: an identifier of the target application software and a target time interval; 查询单元,用于基于所述取证查询请求,查询存储服务器,确定所述目标应用软件在所述目标时间区间内的隐私政策处理信息,所述存储服务器中存储有至少一个应用软件的隐私政策处理信息;a query unit, configured to query a storage server based on the forensic query request, and determine the privacy policy processing information of the target application software within the target time interval, and the storage server stores the privacy policy processing information of at least one application software information; 输出单元,用于输出所述目标应用软件在所述目标时间区间内的隐私政策处理信息。An output unit, configured to output the privacy policy processing information of the target application software within the target time interval. 17.根据权利要求16所述的装置,其中,所述查询单元,包括:17. The apparatus according to claim 16, wherein the query unit comprises: 定位模块,用于基于所述目标应用软件的标识,查询所述存储服务器,定位到所述目标应用软件的隐私政策存证位置;a locating module, configured to query the storage server based on the identifier of the target application software, and locate the location where the privacy policy of the target application software is stored; 获取模块,用于基于所述目标时间区间的起始时间和结束时间,从所述隐私政策存证位置,获取所述目标应用软件在所述目标时间区间内的隐私政策处理信息。an obtaining module, configured to obtain the privacy policy processing information of the target application software within the target time interval from the privacy policy storage location based on the start time and the end time of the target time interval. 18.根据权利要求16或17所述的装置,其中,所述存储服务器以键值对的方式存储各个应用软件的隐私政策处理信息,所述键值对的键名是各个应用软件的文件唯一标识,所述文件唯一标识是对各个应用软件的安装文件进行哈希运算后得到的哈希值,所述键值对的键值是对应键名标识的应用软件的隐私政策处理信息。18. The apparatus according to claim 16 or 17, wherein the storage server stores the privacy policy processing information of each application software in a key-value pair, and the key name of the key-value pair is unique to the file of each application software The unique file identifier is a hash value obtained by performing a hash operation on the installation files of each application software, and the key value of the key-value pair is the privacy policy processing information of the application software corresponding to the key name identifier. 19.根据权利要求18所述的装置,其中,所述隐私政策处理信息包括如下至少一种:19. The apparatus of claim 18, wherein the privacy policy processing information comprises at least one of the following: 隐私政策处理过程的发生时间和过程截图;The time and process screenshots of the privacy policy processing process; 各应用软件对应安装文件的文件描述信息,所述文件描述信息包括:安装文件的版本号、下载地址、下载日期、测试日期、来源;The file description information of the installation file corresponding to each application software, the file description information includes: the version number of the installation file, the download address, the download date, the test date, and the source; 各应用软件的处理起止时间戳;The time stamp of the processing start and end of each application software; 各应用软件在隐私政策详情页面上展示的隐私政策内容。The privacy policy content displayed on the privacy policy details page of each application software. 20.根据权利要求16至19任一项所述的装置,其中,所述存储服务器中各个应用软件的隐私政策处理信息以区块链形式存储。20. The apparatus according to any one of claims 16 to 19, wherein the privacy policy processing information of each application software in the storage server is stored in the form of a blockchain. 21.一种电子设备,包括:21. An electronic device comprising: 至少一个处理器;以及at least one processor; and 与所述至少一个处理器通信连接的存储器;其中,a memory communicatively coupled to the at least one processor; wherein, 所述存储器存储有可被所述至少一个处理器执行的指令,所述指令被所述至少一个处理器执行,以使所述至少一个处理器能够执行权利要求1至5中任一项所述的方法,或者,执行权利要求6至10中任一项所述的方法。The memory stores instructions executable by the at least one processor, the instructions being executed by the at least one processor to enable the at least one processor to perform the execution of any one of claims 1 to 5 method, or, perform the method of any one of claims 6 to 10. 22.一种存储有计算机指令的非瞬时计算机可读存储介质,其中,所述计算机指令用于使所述计算机执行权利要求1至5中任一项所述的方法,或者,执行权利要求6至10中任一项所述的方法。22. A non-transitory computer-readable storage medium storing computer instructions, wherein the computer instructions are used to cause the computer to perform the method of any one of claims 1 to 5, or to perform claim 6 The method of any one of to 10. 23.一种计算机程序产品,包括计算机程序,该计算机程序被处理器执行时实现权利要求1至5中任一项所述方法的步骤,或者,实现权利要求6至10中任一项所述方法的步骤。23. A computer program product comprising a computer program which, when executed by a processor, implements the steps of the method of any one of claims 1 to 5, or, implements the steps of any one of claims 6 to 10 steps of the method.
CN202210133704.0A 2022-02-14 2022-02-14 Privacy policy processing and evidence obtaining method, device, equipment and storage medium Pending CN114462030A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210133704.0A CN114462030A (en) 2022-02-14 2022-02-14 Privacy policy processing and evidence obtaining method, device, equipment and storage medium

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210133704.0A CN114462030A (en) 2022-02-14 2022-02-14 Privacy policy processing and evidence obtaining method, device, equipment and storage medium

Publications (1)

Publication Number Publication Date
CN114462030A true CN114462030A (en) 2022-05-10

Family

ID=81413924

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210133704.0A Pending CN114462030A (en) 2022-02-14 2022-02-14 Privacy policy processing and evidence obtaining method, device, equipment and storage medium

Country Status (1)

Country Link
CN (1) CN114462030A (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114676432A (en) * 2022-05-26 2022-06-28 河北兰科网络工程集团有限公司 APP privacy compliance checking method, terminal and system

Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050251865A1 (en) * 2004-05-07 2005-11-10 Mont Marco C Data privacy management system and method
US20100077484A1 (en) * 2008-09-23 2010-03-25 Yahoo! Inc. Location tracking permissions and privacy
CN110245144A (en) * 2018-04-27 2019-09-17 腾讯科技(深圳)有限公司 Protocol data management method, device, storage medium and system
CN111274598A (en) * 2020-01-23 2020-06-12 众安信息技术服务有限公司 Privacy protection method and device
CN113076538A (en) * 2021-04-02 2021-07-06 北京邮电大学 Method for extracting embedded privacy policy of mobile application APK file

Patent Citations (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20050251865A1 (en) * 2004-05-07 2005-11-10 Mont Marco C Data privacy management system and method
US20100077484A1 (en) * 2008-09-23 2010-03-25 Yahoo! Inc. Location tracking permissions and privacy
CN110245144A (en) * 2018-04-27 2019-09-17 腾讯科技(深圳)有限公司 Protocol data management method, device, storage medium and system
CN111274598A (en) * 2020-01-23 2020-06-12 众安信息技术服务有限公司 Privacy protection method and device
CN113076538A (en) * 2021-04-02 2021-07-06 北京邮电大学 Method for extracting embedded privacy policy of mobile application APK file

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
JESSICA D. YOUNG: "Commitment analysis to operationalize software requirements from privacy policies", 《 REQUIREMENTS ENGINEERING》, vol. 16, 10 June 2010 (2010-06-10), pages 33 - 46, XP019883820, DOI: 10.1007/s00766-010-0108-6 *
杜代忠: "Android应用隐私政策与权限使用的一致性分析引擎的研究与实现", 《中国优秀硕士学位论文全文数据库 信息科技辑》, 15 January 2022 (2022-01-15), pages 138 - 160 *

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114676432A (en) * 2022-05-26 2022-06-28 河北兰科网络工程集团有限公司 APP privacy compliance checking method, terminal and system

Similar Documents

Publication Publication Date Title
US20250307397A1 (en) Automatic mitigation of corrupted or compromised compute resources
US11025660B2 (en) Impact-detection of vulnerabilities
US9215245B1 (en) Exploration system and method for analyzing behavior of binary executable programs
CN111221625B (en) File detection method, device and equipment
CN110737891A (en) A host intrusion detection method and device
EP4160421A1 (en) Method and apparatus for obtaining browser running data, and storage medium
CN112579418A (en) Method, device, equipment and computer readable medium for identifying access log
CN111654495B (en) Method, apparatus, device and storage medium for determining traffic generation source
CN110232022A (en) Network environment test method, device and terminal device
CN114911817B (en) Data processing method, device, electronic device and storage medium
US20250039222A1 (en) Cybersecurity threat hunting
CN114154153A (en) Malicious code detection method and device, electronic equipment and storage medium
CN114462030A (en) Privacy policy processing and evidence obtaining method, device, equipment and storage medium
CN115310096A (en) A security vulnerability processing method, device, equipment and medium
CN115455414A (en) Safety detection method and device
CN116055202B (en) Identification method, device and equipment of risk equipment and storage medium
CN113590425B (en) Data processing method, apparatus, device, medium, and program product
CN117609992A (en) Data disclosure detection method, device and storage medium
CN117061368A (en) Automatic recognition method, device, equipment and medium for bypassing fort machine behaviors
CN114003497B (en) Testing methods, devices, equipment and storage media for business systems
CN116755984A (en) Data processing methods, devices, electronic equipment and storage media
CN114721787A (en) Operation event processing method and device, electronic equipment and storage medium
CN114764713A (en) Method and device for generating merchant patrol task, electronic equipment and storage medium
CN119760053B (en) Virtual device identification method, virtual device identification apparatus, electronic device, computer medium, and program product
CN115827422B (en) Methods for intelligently identifying SQL performance risks before Redis goes live

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination