Search

CN-121985322-A - APP cloud detection method and system based on cloud mobile phone

CN121985322ACN 121985322 ACN121985322 ACN 121985322ACN-121985322-A

Abstract

The cloud detection server receives a mobile phone number to be detected and an App list, performs attribution analysis on the mobile phone number and matches the Android cloud mobile phone of a corresponding region in the cloud mobile phone cluster, responds to the situation that the target App needs to adopt a cloud mobile phone scheme for detection, connects the cloud mobile phone through remote control and starts Frida a dynamic code stake-inserting client, frida stake-inserting script intercepts a 'search friend', 'add friend' or functionally equivalent interface of a mobile phone number search user called inside the target App, intercepts result data of an official after the interface requests the App server, and judges the registration state of the mobile phone number to be detected in the target App based on the returned result data.

Inventors

  • DONG PENGFEI
  • LI FEILONG
  • WANG WENWEI
  • ZHANG LEI
  • DENG LIFENG

Assignees

  • 厦门市美亚柏科信息安全研究所有限公司

Dates

Publication Date
20260505
Application Date
20251128

Claims (12)

  1. 1. An APP cloud detection method based on a cloud mobile phone is characterized by comprising the following steps: S1, deploying an Android cloud mobile phone cluster with Root rights, pre-installing a target App in the cloud mobile phone cluster, and logging in an effective account capable of executing user search operation; S2, the cloud detection server receives the mobile phone number to be detected and an App list, performs attribution analysis on the mobile phone number, and matches Android cloud mobile phones in the corresponding region in the cloud mobile phone cluster based on attribution; S3, responding to the situation that a target App needs to adopt a cloud mobile phone scheme for detection, connecting the cloud detection server with the Android cloud mobile phone through remote control, starting Frida a dynamic code instrumentation client, and injecting a script into a Frida server in the cloud mobile phone to look at a Java layer internal interface of the target App; S4, the Frida stake inserting script intercepts interfaces of searching friends, adding friends or functional equivalents of a mobile phone number searching user, takes the mobile phone number to be detected as a parameter to enter the interfaces, and intercepts result data returned after the interfaces request to an App official server; s5, judging the registration state of the mobile phone number to be detected in the target App based on the returned result data, and returning the registration state to the cloud detection server.
  2. 2. The cloud cell phone based APP cloud detection method of claim 1 wherein said S4-S5 are sequentially executed within the same target application in response to a detection task comprising a plurality of cell phone numbers to be detected.
  3. 3. The cloud mobile phone-based APP cloud detection method according to claim 1, wherein the step S2 specifically comprises classifying an App list after receiving a mobile phone number to be detected and the App list, and respectively processing an App supporting direct protocol detection and an App requiring cloud mobile phone scheme detection.
  4. 4. The cloud mobile phone-based APP cloud detection method of claim 1, wherein in S3, before executing a Hook operation, the target APP logs in a valid account number capable of executing a user search operation in the cloud mobile phone.
  5. 5. The cloud handset-based APP cloud detection method of claim 1, wherein in S4, the cloud handset' S egress proxy IP is periodically replaced during execution of an interface call to a target APP.
  6. 6. A computer readable storage medium having stored thereon one or more computer programs, which when executed by a computer processor implement the method of any of claims 1-5.
  7. 7. APP cloud detection system based on cloud cell-phone, characterized by, include: The cloud mobile phone cluster is configured to deploy an Android cloud mobile phone with Root permission, a target App is pre-installed on the Android cloud mobile phone, and an effective account capable of executing user search operation is logged in the target App; The cloud detection server is configured to receive a mobile phone number to be detected and an App list, conduct attribution analysis on the mobile phone number to be detected, select an Android cloud mobile phone corresponding to an attribution region from the Android cloud mobile phone cluster based on an analysis result, establish remote control connection with the Android cloud mobile phone when a target App needs to be detected through a cloud mobile phone scheme, send Frida dynamic code instrumentation script to a Frida server in the Android cloud mobile phone, use a Hook Java layer internal interface of the target App, receive call return data of searching friends, adding friends or a functionally equivalent interface of the target App intercepted by the Frida instrumentation script, and determine a registration state of the mobile phone number to be detected in the target App based on the return data.
  8. 8. The cloud mobile phone-based APP cloud detection system of claim 7, wherein the cloud detection server comprises a cloud mobile phone detection module, the cloud mobile phone detection module comprises a home location analysis submodule, a load balancing submodule and a remote control submodule client, the home location analysis submodule is used for analyzing a home location of the mobile phone number to be detected, the load balancing submodule is used for managing cloud mobile phones in the cloud mobile phone cluster and providing available cloud mobile phone information of a corresponding region according to a home location analysis result, and the remote control submodule client is used for managing detection tasks and sending a remote control instruction and Frida dynamic code instrumentation script to the cloud mobile phone cluster.
  9. 9. The cloud mobile phone-based APP cloud detection system of claim 8, wherein the cloud detection server further comprises a task management module configured to categorize the APP list, divide the APP list into a direct protocol version detection APP and a cloud mobile phone scheme detection APP, and assign the cloud mobile phone scheme detection task to the cloud mobile phone detection module.
  10. 10. The cloud mobile phone-based APP cloud detection system of claim 8, wherein the cloud mobile phone cluster structure comprises: the remote control sub-module server is configured to analyze the control request sent by the cloud detection server and call an App detection control sub-module to complete detection work; An App detection control submodule is configured to execute actual detection work of the target App on the Android cloud mobile phone, and comprises interface interception and data interception by utilizing the Frida dynamic code instrumentation technology; And the IP agent pool control submodule is configured to replace the local IP agent in time according to the requirement of the remote control submodule server.
  11. 11. The cloud-handset-based APP cloud detection system of claim 7, wherein when detecting a plurality of handset numbers for a same target APP, the Android cloud handset is configured to sequentially perform detection of the plurality of handset numbers within the same target APP.
  12. 12. The cloud cell phone based APP cloud detection system of claim 7, wherein said target APP has logged in said cloud cell phone with a valid account number for performing user search operations prior to performing Hook operations.

Description

APP cloud detection method and system based on cloud mobile phone Technical Field The invention relates to the technical field of information security and mobile internet application detection, in particular to an APP cloud detection method and system based on a cloud mobile phone. Background With the popularity of the mobile internet, the number of social, network lending, games, short video, and various live applications has grown exponentially. In the above applications, the user needs to use the mobile phone number as the core identifier of the account, so as to promote the detection requirement for whether the mobile phone number is registered in a specific App. In the fields of teenager protection, anti-addiction supervision, content security inspection, investigation and evidence collection, and the like, the accurate judgment of whether a certain mobile phone number is registered with an App of a specific type has become a very critical technical capability. The existing App account state detection scheme mainly depends on network protocol analysis and simulation technology. The typical method comprises the steps of analyzing an App public login interface, a registration interface and a forgetting password interface, simulating request parameters, forging HTTP/HTTPS messages, or inquiring an account recovery and verification interface of a third-party website to judge whether the mobile phone number is registered or not. The above technical path can function in part App, but it has natural limitations. In particular: many key applications do not provide any "whether to register" class interface that can be simulated, and a large number of social classes, live class, lending class apps do not have open login or account check APIs, or do strong consolidation of the protocol, resulting in a failure of efficient detection by protocol simulation. The method includes that an App which is registered for the first time can not judge the registration state through a protocol, and after the App is installed, a registration account is automatically established only by inputting a mobile phone number or a verification code and finishing the first time registration, so that whether the mobile phone number exists or not can not be inferred through simulating a registration/forgetting password. For frequently simulating the behaviors of logging in, attempting to register, verifying short messages, accessing and retrieving password interfaces and the like, the protocol detection is very easy to trigger the wind control strategy of the App, and the App usually adopts the strategies of IP restriction, equipment fingerprint restriction, abnormal access blocking, verification code blacking and the like, so that the detection success rate of the traditional scheme is low for a long time. The protocol of different apps has large difference and high maintenance cost, the interface field, signature processing and encryption logic of each App are different, the version is updated frequently, the protocol detection mode is always required to be updated continuously and reversely, the maintenance cost is high, and the stability is poor. Meanwhile, in recent years, cloud mobile phone (Cloud Android) technology has been rapidly developed. The cloud mobile phone has the characteristics of remote control, real Android system running in real time, root permission providing and the like, and is suitable for simulating real mobile phone environment running App in the cloud. Compared with protocol simulation, based on a cloud mobile phone, the system can directly drive an official client to execute real actions. However, how to "intercept a user search interface invoked inside an App" in a cloud mobile phone environment and use it to determine whether a mobile phone number is registered is an unresolved problem in the prior art. Disclosure of Invention In order to solve the technical problems in the prior art, the invention provides an APP cloud detection method and system based on a cloud mobile phone, and aims to solve the technical problems. According to a first aspect of the present invention, there is provided an APP cloud detection method based on a cloud mobile phone, including: S1, deploying an Android cloud mobile phone cluster with Root rights, pre-installing a target App in the cloud mobile phone cluster, and logging in an effective account capable of executing user search operation; S2, the cloud detection server receives the mobile phone number to be detected and an App list, analyzes the attribution of the mobile phone number, and matches Android cloud mobile phones of the corresponding region in the cloud mobile phone cluster based on the attribution; S3, responding to the situation that the target App needs to adopt a cloud mobile phone scheme for detection, connecting the cloud detection server with an Android cloud mobile phone through remote control, starting Frida a dynamic code instrumentation client, and injecti