The annual college entrance examination is over, and many students are about to leave their parents and enter university life alone. However, due to their limited life experience, they are easily targeted by criminals.
The opening season of each year is also the peak period for freshmen to suffer fraud. Here are some common cases. Some scammers will ask freshmen to download and register some malicious financial applications. These applications may contain programs such as viruses and Trojans, or they may be applications that imitate some well-known software. Criminals can steal bank cards and other individuals in mobile phones through malicious applications. sensitive data. There are also scammers who use small gifts or coupons as bait to guide students to scan the code to fill in their personal information. Freshmen are often less alert, and unknowingly leak information such as phone numbers and addresses. It is indiscriminately bombarded with spam calls and text messages. If the QR code containing the link to the phishing website is scanned, it may further lead to the leakage of private data. Some criminals, in the name of grants, let poor students log in to phishing websites to fill in bank card passwords, etc., which directly caused the students' property losses.
In the face of endless scams, apps need to detect phishing websites, malicious applications, and risky network environments in a timely manner, and use in-app prompts to attract users' attention to ensure user information security. So, is there any way to enhance application security capabilities in multiple dimensions? As an app developer, you can integrate Huawei HMS Core security detection services for your applications, quickly build application security capabilities, protect students' personal information and property security, and escort freshmen to college.
The application security detection capability of HMS Core's security detection service can help App developers obtain the list of malicious applications on the running device. For applications that carry viruses, the detection rate is as high as 99%, and it also has the ability to detect unknown threats based on behavior. The app can decide whether to restrict users from making payments in the app based on the detection results.
The malicious URL detection capability of HMS Core's security detection service can determine whether the URL accessed by the user is a malicious URL. For malicious URLs, you can choose to prompt or block the user's access risk.
HMS Core's security detection service malicious Wi-Fi detection capability detects the characteristics of the Wi-Fi and routers trying to connect, analyzes the current network status you are trying to access, and feeds back the Wi-Fi detection results in real time. In the event of attacks, man-in-the-middle attacks, DNS hijacking, etc., the operation can be blocked or the user can be further authenticated to help prevent malicious behavior attacks from malicious Wi-Fi.
HMS Core security detection service also has system integrity detection and fake user detection capabilities, which can help developers quickly improve application security. The integration process is simple and efficient. The following is a detailed access tutorial.
Demo
App security checks
Malicious URL detection
Malicious Wi-Fi Detection
Development steps
1 Development preparation
For detailed preparation steps, please refer to the official website of Huawei Developer Alliance .
2 Application security detection API
2.1 Call AppsCheck API
You can directly call getMaliciousAppsList of SafetyDetectClient to get the list of malicious apps:
private void invokeGetMaliciousApps() {
SafetyDetectClient appsCheckClient = SafetyDetect.getClient(MainActivity.this);
Task task = appsCheckClient.getMaliciousAppsList();
task.addOnSuccessListener(new OnSuccessListener<MaliciousAppsListResp>() {
@Override
public void onSuccess(MaliciousAppsListResp maliciousAppsListResp) {
// Indicates that communication with the service was successful.
// Use resp.getMaliciousApps() to get malicious apps data.
List<MaliciousAppsData> appsDataList = maliciousAppsListResp.getMaliciousAppsList();
// Indicates get malicious apps was successful.
if(maliciousAppsListResp.getRtnCode() == CommonCode.OK) {
if (appsDataList.isEmpty()) {
// Indicates there are no known malicious apps.
Log.i(TAG, "There are no known potentially malicious apps installed.");
} else {
Log.i(TAG, "Potentially malicious apps are installed!");
for (MaliciousAppsData maliciousApp : appsDataList) {
Log.i(TAG, "Information about a malicious app:");
// Use getApkPackageName() to get APK name of malicious app.
Log.i(TAG, "APK: " + maliciousApp.getApkPackageName());
// Use getApkSha256() to get APK sha256 of malicious app.
Log.i(TAG, "SHA-256: " + maliciousApp.getApkSha256());
// Use getApkCategory() to get category of malicious app.
// Categories are defined in AppsCheckConstants
Log.i(TAG, "Category: " + maliciousApp.getApkCategory());
}
}
}else{
Log.e(TAG,"getMaliciousAppsList failed: "+maliciousAppsListResp.getErrorReason());
}
}
}).addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(Exception e) {
// An error occurred while communicating with the service.
if (e instanceof ApiException) {
// An error with the HMS API contains some
// additional details.
ApiException apiException = (ApiException) e;
// You can retrieve the status code using the apiException.getStatusCode() method.
Log.e(TAG, "Error: " + SafetyDetectStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": " + apiException.getStatusMessage());
} else {
// A different, unknown type of error occurred.
Log.e(TAG, "ERROR: " + e.getMessage());
}
}
});
}3 Malicious URL detection API
3.1 Initialize URLCheck API
Before using the URLCheck API, you must call the initUrlCheck method to initialize the interface, and you need to wait for the initialization to complete before making the next interface calls. The sample code is as follows:
SafetyDetectClient client = SafetyDetect.getClient(getActivity());
client.initUrlCheck();3.2 Request URL Detection
Specify the concerned threat type. You can use the concerned threat type as a parameter of the URL detection API. Among them, the constants in the UrlCheckThreat class contain the currently supported threat types:
public class UrlCheckThreat {
//此类型URL被标记为包含潜在有害应用的页面的URL(篡改首页、网页挂马、恶意应用下载链接等)
public static final int MALWARE = 1;
// 这种类型的URL被标记为钓鱼、欺诈网站
public static final int PHISHING = 3;
}Initiate a URL detection request. The URL to be detected contains the protocol, host, and path, but does not contain query parameters. The sample code for calling the API is as follows:
String url = "https://developer.huawei.com/consumer/cn/";
SafetyDetect.getClient(this).urlCheck(url, appId, UrlCheckThreat.MALWARE, UrlCheckThreat.PHISHING).addOnSuccessListener(this, new OnSuccessListener<UrlCheckResponse >(){
@Override
public void onSuccess(UrlCheckResponse urlResponse) {
if (urlResponse.getUrlCheckResponse().isEmpty()) {
// 无威胁
} else {
// 存在威胁!
}
}
}).addOnFailureListener(this, new OnFailureListener() {
@Override
public void onFailure(@NonNull Exception e) {
// 与服务通信发生错误.
if (e instanceof ApiException) {
// HMS发生错误的状态码及对应的错误详情.
ApiException apiException = (ApiException) e;
Log.d(TAG, "Error: " + CommonStatusCodes.getStatusCodeString(apiException.getStatusCode()));
// 注意:如果状态码是SafetyDetectStatusCode.CHECK_WITHOUT_INIT,
// 这意味着您未调用initUrlCheck()或者调用未完成就发起了网址检测请求,
// 或者在初始化过程中发生了内部错误需要重新进行初始化,需要重新调用initUrlCheck()
} else {
// 发生未知类型的异常.
Log.d(TAG, "Error: " + e.getMessage());
}
}
});Get the response of the URL detection, call the getUrlCheckResponse method of the returned object UrlCheckResponse , and return a List<UrlCheckThreat> , which contains the detected URL threat types. If the list is empty, it means that no threat is detected, otherwise, you can call getUrlCheckResult in UrlCheckThreat to get the specific threat code. The sample code is as follows:
final EditText testRes = getActivity().findViewById(R.id.fg_call_urlResult);
List<UrlCheckThreat> list = urlCheckResponse.getUrlCheckResponse();
if (list.isEmpty()) {
testRes.setText("ok");
}
else{
for (UrlCheckThreat threat : list) {
int type = threat.getUrlCheckResult();
}
}3.3 Close the URL detection session
If your application no longer uses or does not call the URL detection interface for a long time, please call the shutdownUrlCheck method to close the URL detection session and release resources.
SafetyDetect.getClient(this).shutdownUrlCheck();4 Malicious Wi-Fi Detection API
4.1 Call WifiDetect API
private void invokeGetWifiDetectStatus() {
Log.i(TAG, "Start to getWifiDetectStatus!");
SafetyDetectClient wifidetectClient = SafetyDetect.getClient(MainActivity.this);
Task task = wifidetectClient.getWifiDetectStatus();
task.addOnSuccessListener(new OnSuccessListener<WifiDetectResponse>() {
@Override
public void onSuccess(WifiDetectResponse wifiDetectResponse) {
int wifiDetectStatus = wifiDetectResponse.getWifiDetectStatus();
Log.i(TAG, "\n-1 :获取Wi-Fi状态失败\n" + "0 :未连接Wi-Fi\n" + "1 :当前连接的Wi-Fi安全\n" + "2 :当前连接的Wi-Fi不安全.");
Log.i(TAG, "wifiDetectStatus is: " + wifiDetectStatus);
}
}).addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(Exception e) {
if (e instanceof ApiException) {
ApiException apiException = (ApiException) e;
Log.e(TAG,
"Error: " + apiException.getStatusCode() + ":"
+ SafetyDetectStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": "
+ apiException.getStatusMessage());
} else {
Log.e(TAG, "ERROR! " + e.getMessage());
}
}
});
}
Log.i(TAG, "Start to getWifiDetectStatus!");
SafetyDetectClient wifidetectClient = SafetyDetect.getClient(MainActivity.this);
Task task = wifidetectClient.getWifiDetectStatus();
task.addOnSuccessListener(new OnSuccessListener<WifiDetectResponse>() {
@Override
public void onSuccess(WifiDetectResponse wifiDetectResponse) {
int wifiDetectStatus = wifiDetectResponse.getWifiDetectStatus();
Log.i(TAG, "\n-1 :获取Wi-Fi状态失败\n" + "0 :未连接Wi-Fi\n" + "1 :当前连接的Wi-Fi安全\n" + "2 :当前连接的Wi-Fi不安全.");
Log.i(TAG, "wifiDetectStatus is: " + wifiDetectStatus);
}
}).addOnFailureListener(new OnFailureListener() {
@Override
public void onFailure(Exception e) {
if (e instanceof ApiException) {
ApiException apiException = (ApiException) e;
Log.e(TAG,
"Error: " + apiException.getStatusCode() + ":"
+ SafetyDetectStatusCodes.getStatusCodeString(apiException.getStatusCode()) + ": "
+ apiException.getStatusMessage());
} else {
Log.e(TAG, "ERROR! " + e.getMessage());
}
}
});
}Learn more details>>
Visit the official website of Huawei Developer Alliance
Get development guidance documents
Huawei Mobile Services Open Source Warehouse Address: GitHub , Gitee
Follow us to know the latest technical information of HMS Core for the first time~
android
java
**粗体** _斜体_ [链接](http://example.com) `代码` - 列表 > 引用。你还可以使用@来通知其他用户。