快捷導(dǎo)航

Android應(yīng)用隱私合規(guī)檢測(cè)實(shí)現(xiàn)方案詳解

更新時(shí)間：2022年07月26日 08:51:26 作者：瀟曜

這篇文章主要介紹了Android應(yīng)用隱私合規(guī)檢測(cè)實(shí)現(xiàn)方案,我們需要做的就是提前檢測(cè)好自己的應(yīng)用是否存在隱私合規(guī)問題，及時(shí)整改過來，下面提供Xposed Hook思路去檢測(cè)隱私合規(guī)問題，建議有Xposed基礎(chǔ)的童鞋閱讀，需要的朋友可以參考下

【前言】

為了響應(yīng)國家對(duì)于個(gè)人隱私信息保護(hù)的號(hào)召，各應(yīng)用渠道平臺(tái)陸續(xù)出臺(tái)了對(duì)應(yīng)的檢測(cè)手段去檢測(cè)上架的應(yīng)用是否存在隱私合規(guī)問題，因而你會(huì)發(fā)現(xiàn)現(xiàn)在上架應(yīng)用，隨時(shí)都會(huì)存在被駁回的風(fēng)險(xiǎn)，為了避免被駁回，我們需要做的就是提前檢測(cè)好自己的應(yīng)用是否存在隱私合規(guī)問題，及時(shí)整改過來，下面提供Xposed Hook思路去檢測(cè)隱私合規(guī)問題，建議有Xposed基礎(chǔ)的童鞋閱讀

一、準(zhǔn)備工作

1、準(zhǔn)備一臺(tái)root過的安卓手機(jī)或者安卓模擬器（新版本的手機(jī)root比較麻煩，下面以逍遙模擬器為例來做示范，其實(shí)從很多平臺(tái)出的隱私合規(guī)報(bào)告也可以發(fā)現(xiàn)他們很多用的也是云手機(jī)，也就是等同于模擬器）

2、在安卓模擬器上安裝Xposed框架
1）在逍遙模擬器中搜索欄中搜索下載Xposed Installer應(yīng)用

在這里插入圖片描述

2）Xposed Installer應(yīng)用安裝完成之后，點(diǎn)擊啟動(dòng)，你會(huì)看到一段錯(cuò)誤的提示文字：無法載入可用的ZIP文件，請(qǐng)下滑刷新重試，但是你嘗試多次刷新發(fā)現(xiàn)并沒有效果

在這里插入圖片描述

3）使用Fiddler對(duì)逍遙模擬器進(jìn)行抓包，可以看到下滑刷新時(shí)候，會(huì)請(qǐng)求這個(gè)地址：http://dl-xda.xposed.info/framework.json ，但是http協(xié)議的這個(gè)地址已經(jīng)不支持了，所以在fiddler你會(huì)看到提示504

在這里插入圖片描述

4）只需將http協(xié)議改為https協(xié)議，搭配科學(xué)上網(wǎng)，在瀏覽器中打開https協(xié)議的鏈接就可以下載，下載到本地之后，可以在fiddler中配置好映射關(guān)系，打開Xposed Installer就能成功下載安裝了，主要是需要配置以下3個(gè)下載鏈接的映射關(guān)系：
http://dl-xda.xposed.info/framework.json ：點(diǎn)擊下載到本地
http://dl-xda.xposed.info/framework/sdk25/x86/xposed-v89-sdk25-x86.zip：點(diǎn)擊下載到本地
http://dl.xposed.info/repo/full.xml.gz ：點(diǎn)擊下載到本地

在這里插入圖片描述

5) 打開Xposed Installer 下滑刷新，點(diǎn)擊安裝，重啟即可生效

在這里插入圖片描述

二、編寫Xposed模塊

1、在Android Studio新建一個(gè)Android App項(xiàng)目
2、在build.gradle中添加xposed的編譯依賴

dependencies {
    compileOnly 'de.robv.android.xposed:api:82'
    compileOnly 'de.robv.android.xposed:api:82:sources'
}

3、在AndroidManifest.xml application標(biāo)簽下添加對(duì)應(yīng)屬性的設(shè)置

 <!--告訴xposed框架這是一個(gè)xposed模塊-->
        <meta-data
            android:name="xposedmodule"
            android:value="true" />

        <!--模塊描述-->
        <meta-data
            android:name="xposeddescription"
            android:value="隱私合規(guī)檢測(cè)工具" />

        <!--模塊支持Xposed的最低版本-->
        <meta-data
            android:name="xposedminversion"
            android:value="53" />

4、新建一個(gè)類實(shí)現(xiàn)IXposedHookLoadPackage接口的handleLoadPackage方法

public class PrivacyHook implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        if (loadPackageParam.packageName.startsWith("com.sswl")) {

            XposedBridge.log("PrivacyHook  has Hooked!");

            //檢測(cè)mac的獲取
            Class<?> NetworkInterfaceCls = XposedHelpers.findClass("java.net.NetworkInterface", loadPackageParam.classLoader);
            XposedHelpers.findAndHookMethod(NetworkInterfaceCls, "getNetworkInterfaces", new XC_MethodHook() {

                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    Log.w("Xposed", "=============================================================");
                    XposedBridge.log("調(diào)用getNetworkInterfaces");
                    StackTraceElement[] stackTrace = new Exception().getStackTrace();
                    for (int i = 0; i < stackTrace.length; i++) {
                        Log.e("Xposed", "" + stackTrace[i]);
                    }


                }

                protected void afterHookedMethod(MethodHookParam param) throws Throwable {


                }

            });


            //檢測(cè)androidId的獲取
            Class<?> SystemCls = XposedHelpers.findClass("android.provider.Settings$System", loadPackageParam.classLoader);
            XposedHelpers.findAndHookMethod(SystemCls, "getString", ContentResolver.class, String.class, new XC_MethodHook() {

                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    Log.w("Xposed", "=============================================================");
                    XposedBridge.log("調(diào)用android.provider.Settings$System.getString");
                    StackTraceElement[] stackTrace = new Exception().getStackTrace();
                    for (int i = 0; i < stackTrace.length; i++) {
                        Log.e("Xposed", "" + stackTrace[i]);
                    }


                }

                protected void afterHookedMethod(MethodHookParam param) throws Throwable {


                }

            });
        }
    }
}

上面示例主要是展示了mac地址與 androidId獲取的檢測(cè)與調(diào)用堆棧的打印，方便快速定位存在隱私合規(guī)問題的代碼位置，其他隱私信息獲取也類似，這里就不一一展示
5、在assets目錄下新建文件名為：xposed_init 的文件，并將剛才新建的那個(gè)類的完整類名填寫到第一行，比如：com.sswl.xposed.PrivacyHook

6、點(diǎn)擊打包安裝到逍遙模擬器之后，打開Xposed Installer, 點(diǎn)擊模塊進(jìn)去，勾選剛才打包安裝的應(yīng)用，重啟模擬器即生效

在這里插入圖片描述

7、最后可以看一下，檢測(cè)打印的日志

2022-07-25 20:29:30.022 1908-1908/com.sswl.myxmsj W/Xposed: =============================================================
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj I/Xposed: 調(diào)用android.provider.Settings$System.getString
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.xposed.PrivacyHook$2.beforeHookedMethod(PrivacyHook.java:61)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:340)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.provider.Settings$System.getString(<Xposed>)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.i(SourceFile:196)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.j(SourceFile:223)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.h(SourceFile:415)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.getValue(SourceFile:279)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.b.a(SourceFile:50)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.b.b(SourceFile:84)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.UTDevice.getUtdid(SourceFile:18)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ut.device.UTDevice.getUtdid(SourceFile:16)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.a(Unknown Source)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.register(Unknown Source)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.g.b.ax(SourceFile:47)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.b.a.initApplication(SourceFile:160)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.channel.SSWLSdk.initApplication(SourceFile:41)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.e.initApplication(SourceFile:110)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.f.initApplication(SourceFile:32)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.myxmsj.HTApplication.onCreate()
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1024)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(ActivityThread.java:5405)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(<Xposed>)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.-wrap2(ActivityThread.java)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread$H.handleMessage(ActivityThread.java:1546)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Handler.dispatchMessage(Handler.java:102)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Looper.loop(Looper.java:154)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.main(ActivityThread.java:6121)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: java.lang.reflect.Method.invoke(Native Method)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
2022-07-25 20:29:30.170 111-111/? E/Xposed: Unsupported st_mode 16877
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj W/Xposed: =============================================================
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj I/Xposed: 調(diào)用getNetworkInterfaces
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.xposed.PrivacyHook$1.beforeHookedMethod(PrivacyHook.java:37)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:340)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: java.net.NetworkInterface.getNetworkInterfaces(<Xposed>)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.util.d.h(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.util.d.i(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.util.d.e(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.status.b.d(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.status.b.a(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.status.NetworkStatusHelper.startListener(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.SessionCenter.init(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anetwork.channel.http.NetworkSdkSetting.init(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.vip.AppRegister.h(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.vip.AppRegister.a(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.a(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.register(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.g.b.ax(SourceFile:47)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.b.a.initApplication(SourceFile:160)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.channel.SSWLSdk.initApplication(SourceFile:41)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.e.initApplication(SourceFile:110)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.f.initApplication(SourceFile:32)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.myxmsj.HTApplication.onCreate()
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1024)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(ActivityThread.java:5405)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(<Xposed>)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.-wrap2(ActivityThread.java)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread$H.handleMessage(ActivityThread.java:1546)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Handler.dispatchMessage(Handler.java:102)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Looper.loop(Looper.java:154)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.main(ActivityThread.java:6121)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: java.lang.reflect.Method.invoke(Native Method)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)

到此這篇關(guān)于Android應(yīng)用隱私合規(guī)檢測(cè)實(shí)現(xiàn)方案的文章就介紹到這了,更多相關(guān)Android隱私合規(guī)檢測(cè)內(nèi)容請(qǐng)搜索腳本之家以前的文章或繼續(xù)瀏覽下面的相關(guān)文章希望大家以后多多支持腳本之家！

您可能感興趣的文章: