US11113416B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11113416-B2 |
| Application number | US-202117163701-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 1, 2021 |
| Priority date | Jun 10, 2016 |
| Publication date | Sep 7, 2021 |
| Grant date | Sep 7, 2021 |
Official abstract text for this publication.
An application privacy analysis system is described, where the system obtains an application and analyzes it for privacy related data use. The system may determine privacy related activities of the application from established sources of such data and/or may decompile the application and analyze the resulting code to determine the privacy related activities of the application. The system may execute the application and monitor the communications traffic exchanged by the application to determine privacy related activities of the application. The system may store the results of such analyses for future reference.
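The static path the abstract describes, sketched as an added example in the step order of claim 1 on this page (it is not code from the patent or its assignee). The API catalogue, the application database record, the weights, the rule that sets the dynamic-analysis indicator, and the decompiled snippet are all constructed assumptions.

```python
import re

# Assumed catalogue: Android API name -> (data type, permission, personal data?)
API_CATALOG = {
    "getLastKnownLocation": ("location", "ACCESS_FINE_LOCATION", True),
    "getDeviceId": ("device identifier", "READ_PHONE_STATE", True),
    "ContactsContract": ("contacts", "READ_CONTACTS", True),
    "getDefaultSharedPreferences": ("app settings", None, False),
}
# Constructed stand-in for the "database of application characteristics".
APP_DB = {"com.example.weather": {"sdk": "example-ads-sdk", "sdk_risk": 2}}
# Assumed per-data-type weights; the page does not define a scoring formula.
WEIGHTS = {"location": 3, "device identifier": 2, "contacts": 3}

# Constructed decompiler output for a hypothetical application.
DECOMPILED = """
Location loc = locationManager.getLastKnownLocation(provider);
String id = telephonyManager.getDeviceId();
SharedPreferences p = PreferenceManager.getDefaultSharedPreferences(this);
"""

RESULTS = {}  # in-memory stand-in for the results store


def analyze(app_id, source):
    """Query the app database, scan decompiled code, and score the findings."""
    record = APP_DB.get(app_id, {"sdk": None, "sdk_risk": 0})
    found = {}
    for api, (dtype, perm, personal) in API_CATALOG.items():
        if re.search(r"\b" + re.escape(api) + r"\b", source):
            found[dtype] = {"permission": perm, "personal": personal}
    personal_types = sorted(t for t, v in found.items() if v["personal"])
    perms = sorted({v["permission"] for v in found.values() if v["permission"]})
    return {
        "sdk": record["sdk"],
        "data_types": sorted(found),
        "personal_data": personal_types,
        "permissions": perms,
        # Assumed rule: any personal data type triggers dynamic analysis.
        "dynamic_analysis": bool(personal_types),
        "risk_score": record["sdk_risk"]
        + sum(WEIGHTS.get(t, 0) for t in personal_types),
    }


def run(app_id, source):
    """Analyze one application and store the result for later reference."""
    RESULTS[app_id] = analyze(app_id, source)
    return RESULTS[app_id]


if __name__ == "__main__":
    print(run("com.example.weather", DECOMPILED))
```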
Opening claim text (preview).
What is claimed is:
1. A computer-implemented data processing method for performing static mobile application privacy analysis, the method comprising: obtaining, by a privacy analysis system, a mobile device application; determining, by the privacy analysis system, identifying information for the mobile device application; querying, by the privacy analysis system, a database of application characteristics using the identifying information; receiving, by the privacy analysis system, a response to the database query comprising an identifier of a software development kit used to generate the mobile device application; decompiling, by the privacy analysis system, the mobile device application to generate a decompiled mobile device application based at least in part on the software development kit used to generate the mobile device application; analyzing, by the privacy analysis system, the decompiled mobile device application to determine one or more data types referenced by the decompiled mobile device application; determining, by the privacy analysis system, that the one or more data types comprise personal data; at least partially in response to analyzing the decompiled mobile device application, determining, by the privacy analysis system, to perform dynamic privacy analysis of the mobile device application; responsive to determining to perform the dynamic privacy analysis of the mobile device application, setting, by the privacy analysis system, a dynamic privacy analysis indicator; determining, by the privacy analysis system, a privacy risk score based at least in part on the response to the database query and the one or more data types referenced by the decompiled mobile device application; and storing, by the privacy analysis system, the privacy risk score and the one or more data types referenced by the decompiled mobile device application.
2. The computer-implemented data processing method of claim 1, further comprising analyzing, by the privacy analysis system, the decompiled mobile device application to determine one or more application programming interface (API) calls made by the decompiled mobile device application.
3. The computer-implemented data processing method of claim 2, further comprising analyzing, by the privacy analysis system, the one or more API calls to determine one or more second types of data accessed by each of the one or more API calls.
4. The computer-implemented data processing method of claim 2, further comprising analyzing, by the privacy analysis system, the one or more API calls to determine one or more permissions requested by each of the one or more API calls.
5. The computer-implemented data processing method of claim 4, wherein the one or more permissions comprise one or more device component access permissions.
6. The computer-implemented data processing method of claim 2, further comprising analyzing, by the privacy analysis system, the one or more API calls to determine one or more geographical destinations to which the mobile device application transmits data.
7. The computer-implemented data processing method of claim 1, further comprising presenting, by the privacy analysis system, the privacy risk score to a user on a graphical user interface as a color-coded element of a list comprising one or more privacy risk scores.
8. A non-transitory computer-readable medium storing computer-executable instructions for performing static mobile application privacy analysis, the computer-executable instructions comprising instructions for: receiving, by one or more computer processors, identifying information for a mobile device application; obtaining, by the one or more computer processors, based at least in part on the identifying information, the mobile device application; querying, by the one or more computer processors, using the identifying information, a database of application characteristics for an identifier of a software development kit used to generate the mobile device application; receiving, by the one or more computer processors, from the database of application characteristics, a response comprising the identifier of the software development kit used to generate the mobile device application; obtaining, by the one or more computer processors, the software development kit used to generate the mobile device application based at least in part on the identifier of the software development kit used to generate the mobile device application; decompiling, by the one or more computer processors, the mobile device application to generate a decompiled mobile device application based at least in part on the software development kit used to generate the mobile device application; analyzing, by the one or more computer processors, the decompiled mobile device application to determine one or more data types referenced by the mobile device application; determining, by the one or more computer processors, that the one or more data types comprise personal data; at least partially in response to analyzing the decompiled mobile device application, determining, by the one or more computer processors, to perform dynamic privacy analysis of the mobile device application; responsive to determining to perform the dynamic privacy analysis of the mobile device application, setting, by the one or more computer processors, a dynamic privacy analysis indicator; determining, by the one or more computer processors, a privacy risk score based at least in part on the response to the database query and the one or more data types referenced by the mobile device application; and storing, by the one or more computer processors, the privacy risk score and the one or more data types referenced by mobile device application.
9. The non-transitory computer-readable medium of claim 8, wherein analyzing the decompiled mobile device application to determine the one or more data types referenced by the mobile device application comprises querying, by the one or more computer processors, a database of software development kit information to determine the one or more data types.
10. The non-transitory computer-readable medium of claim 8, wherein: the computer-executable instructions further comprise instructions for receiving, by the one or more computer processors, dynamic privacy analysis results data; and determining the privacy risk score is further based at least in part on the dynamic privacy analysis results data.
11. The non-transitory computer-readable medium of claim 10, wherein the dynamic privacy analysis results data comprises one or more pieces of data selected from a group consisting of: (a) a type of data; (b) a data source; (c) a data destination; (d) a geographical location; and (e) a network address.
12. The non-transitory computer-readable medium of claim 11, wherein: the dynamic privacy analysis results data comprises the geographical location; the computer-executable instructions further comprise instructions for determining, by the one or more computer processors, based at least in part on the geographical location, an applicable set of regulations; and determining the privacy risk score is further based at least in part on the applicable set of regulations.
13. The non-transitory computer-readable medium of claim 8, wherein determining to perform the dynamic privacy analysis of the mobile device application is based at least in part on the response to the database query.
14. The non-transitory computer-readable medium of claim 8, wherein the computer-executable instructions further comprise instructions for analyzing, by the one or more computer processors, the
Indexing; Data structures therefor; Storage structures (for retrieval from the web G06F16/951) · CPC title
Protecting personal data, e.g. for financial or medical purposes · CPC title
Test or assess software · CPC title
Browsing; Visualisation therefor (for navigating the web G06F16/954; browsing optimisation for the web G06F16/957) · CPC title
Details of hyperlinks; Management of linked annotations · CPC title