Android應用隱私合規檢測實現方案詳解

【前言】

 為瞭響應國傢對於個人隱私信息保護的號召,各應用渠道平臺陸續出臺瞭對應的檢測手段去檢測上架的應用是否存在隱私合規問題,因而你會發現現在上架應用,隨時都會存在被駁回的風險,為瞭避免被駁回,我們需要做的就是提前檢測好自己的應用是否存在隱私合規問題,及時整改過來,下面提供Xposed Hook思路去檢測隱私合規問題,建議有Xposed基礎的童鞋閱讀

一、準備工作

1、準備一臺root過的安卓手機或者安卓模擬器(新版本的手機root比較麻煩,下面以逍遙模擬器為例來做示范,其實從很多平臺出的隱私合規報告也可以發現他們很多用的也是雲手機,也就是等同於模擬器)

2、在安卓模擬器上安裝Xposed框架
1)在逍遙模擬器中搜索欄中搜索下載Xposed Installer應用

在這裡插入圖片描述

2)Xposed Installer應用安裝完成之後,點擊啟動,你會看到一段錯誤的提示文字:無法載入可用的ZIP文件,請下滑刷新重試,但是你嘗試多次刷新發現並沒有效果

在這裡插入圖片描述

3)使用Fiddler對逍遙模擬器進行抓包,可以看到下滑刷新時候,會請求這個地址:http://dl-xda.xposed.info/framework.json ,但是http協議的這個地址已經不支持瞭,所以在fiddler你會看到提示504

在這裡插入圖片描述

4)隻需將http協議改為https協議,搭配科學上網,在瀏覽器中打開https協議的鏈接就可以下載,下載到本地之後,可以在fiddler中配置好映射關系,打開Xposed Installer就能成功下載安裝瞭,主要是需要配置以下3個下載鏈接的映射關系:
http://dl-xda.xposed.info/framework.json :點擊下載到本地
http://dl-xda.xposed.info/framework/sdk25/x86/xposed-v89-sdk25-x86.zip:點擊下載到本地
http://dl.xposed.info/repo/full.xml.gz : 點擊下載到本地

在這裡插入圖片描述

5) 打開Xposed Installer 下滑刷新,點擊安裝,重啟即可生效

在這裡插入圖片描述

二、編寫Xposed模塊

1、在Android Studio新建一個Android App項目
2、在build.gradle中添加xposed的編譯依賴

dependencies {
    compileOnly 'de.robv.android.xposed:api:82'
    compileOnly 'de.robv.android.xposed:api:82:sources'
}

3、在AndroidManifest.xml application標簽下添加對應屬性的設置

 <!--告訴xposed框架這是一個xposed模塊-->
        <meta-data
            android:name="xposedmodule"
            android:value="true" />

        <!--模塊描述-->
        <meta-data
            android:name="xposeddescription"
            android:value="隱私合規檢測工具" />

        <!--模塊支持Xposed的最低版本-->
        <meta-data
            android:name="xposedminversion"
            android:value="53" />

4、新建一個類實現IXposedHookLoadPackage接口的handleLoadPackage方法

public class PrivacyHook implements IXposedHookLoadPackage {
    @Override
    public void handleLoadPackage(final XC_LoadPackage.LoadPackageParam loadPackageParam) throws Throwable {
        if (loadPackageParam.packageName.startsWith("com.sswl")) {

            XposedBridge.log("PrivacyHook  has Hooked!");

            //檢測mac的獲取
            Class<?> NetworkInterfaceCls = XposedHelpers.findClass("java.net.NetworkInterface", loadPackageParam.classLoader);
            XposedHelpers.findAndHookMethod(NetworkInterfaceCls, "getNetworkInterfaces", new XC_MethodHook() {

                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    Log.w("Xposed", "=============================================================");
                    XposedBridge.log("調用getNetworkInterfaces");
                    StackTraceElement[] stackTrace = new Exception().getStackTrace();
                    for (int i = 0; i < stackTrace.length; i++) {
                        Log.e("Xposed", "" + stackTrace[i]);
                    }


                }

                protected void afterHookedMethod(MethodHookParam param) throws Throwable {


                }

            });


            //檢測androidId的獲取
            Class<?> SystemCls = XposedHelpers.findClass("android.provider.Settings$System", loadPackageParam.classLoader);
            XposedHelpers.findAndHookMethod(SystemCls, "getString", ContentResolver.class, String.class, new XC_MethodHook() {

                protected void beforeHookedMethod(MethodHookParam param) throws Throwable {
                    super.beforeHookedMethod(param);
                    Log.w("Xposed", "=============================================================");
                    XposedBridge.log("調用android.provider.Settings$System.getString");
                    StackTraceElement[] stackTrace = new Exception().getStackTrace();
                    for (int i = 0; i < stackTrace.length; i++) {
                        Log.e("Xposed", "" + stackTrace[i]);
                    }


                }

                protected void afterHookedMethod(MethodHookParam param) throws Throwable {


                }

            });
        }
    }
}

上面示例主要是展示瞭mac地址 與 androidId獲取的檢測與調用堆棧的打印,方便快速定位存在隱私合規問題的代碼位置,其他隱私信息獲取也類似,這裡就不一一展示
5、在assets目錄下新建文件名為:xposed_init 的文件,並將剛才新建的那個類的完整類名填寫到第一行,比如:com.sswl.xposed.PrivacyHook

6、點擊打包安裝到逍遙模擬器之後,打開Xposed Installer, 點擊模塊進去,勾選剛才打包安裝的應用,重啟模擬器即生效

在這裡插入圖片描述

在這裡插入圖片描述

7、最後可以看一下,檢測打印的日志

2022-07-25 20:29:30.022 1908-1908/com.sswl.myxmsj W/Xposed: =============================================================
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj I/Xposed: 調用android.provider.Settings$System.getString
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.xposed.PrivacyHook$2.beforeHookedMethod(PrivacyHook.java:61)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:340)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.provider.Settings$System.getString(<Xposed>)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.i(SourceFile:196)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.j(SourceFile:223)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.h(SourceFile:415)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.c.getValue(SourceFile:279)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.b.a(SourceFile:50)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.b.b(SourceFile:84)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ta.utdid2.device.UTDevice.getUtdid(SourceFile:18)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.ut.device.UTDevice.getUtdid(SourceFile:16)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.a(Unknown Source)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.register(Unknown Source)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.g.b.ax(SourceFile:47)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.b.a.initApplication(SourceFile:160)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.channel.SSWLSdk.initApplication(SourceFile:41)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.e.initApplication(SourceFile:110)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.f.initApplication(SourceFile:32)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.myxmsj.HTApplication.onCreate()
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1024)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(ActivityThread.java:5405)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(<Xposed>)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.-wrap2(ActivityThread.java)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread$H.handleMessage(ActivityThread.java:1546)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Handler.dispatchMessage(Handler.java:102)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Looper.loop(Looper.java:154)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.main(ActivityThread.java:6121)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: java.lang.reflect.Method.invoke(Native Method)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
2022-07-25 20:29:30.023 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)
2022-07-25 20:29:30.170 111-111/? E/Xposed: Unsupported st_mode 16877
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj W/Xposed: =============================================================
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj I/Xposed: 調用getNetworkInterfaces
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.xposed.PrivacyHook$1.beforeHookedMethod(PrivacyHook.java:37)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:340)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: java.net.NetworkInterface.getNetworkInterfaces(<Xposed>)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.util.d.h(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.util.d.i(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.util.d.e(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.status.b.d(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.status.b.a(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.status.NetworkStatusHelper.startListener(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anet.channel.SessionCenter.init(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: anetwork.channel.http.NetworkSdkSetting.init(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.vip.AppRegister.h(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.vip.AppRegister.a(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.a(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.alibaba.sdk.android.push.impl.j.register(Unknown Source)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.g.b.ax(SourceFile:47)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.sdk.b.a.initApplication(SourceFile:160)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.channel.SSWLSdk.initApplication(SourceFile:41)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.e.initApplication(SourceFile:110)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.template.f.initApplication(SourceFile:32)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.sswl.myxmsj.HTApplication.onCreate()
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.Instrumentation.callApplicationOnCreate(Instrumentation.java:1024)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(ActivityThread.java:5405)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.invokeOriginalMethodNative(Native Method)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.handleHookedMethod(XposedBridge.java:360)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.handleBindApplication(<Xposed>)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.-wrap2(ActivityThread.java)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread$H.handleMessage(ActivityThread.java:1546)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Handler.dispatchMessage(Handler.java:102)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.os.Looper.loop(Looper.java:154)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: android.app.ActivityThread.main(ActivityThread.java:6121)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: java.lang.reflect.Method.invoke(Native Method)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit$MethodAndArgsCaller.run(ZygoteInit.java:889)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: com.android.internal.os.ZygoteInit.main(ZygoteInit.java:779)
2022-07-25 20:29:30.184 1908-1908/com.sswl.myxmsj E/Xposed: de.robv.android.xposed.XposedBridge.main(XposedBridge.java:107)

到此這篇關於Android應用隱私合規檢測實現方案的文章就介紹到這瞭,更多相關Android隱私合規檢測內容請搜索WalkonNet以前的文章或繼續瀏覽下面的相關文章希望大傢以後多多支持WalkonNet!

推薦閱讀: