The Internet, which is a human centered connectivity network where humans generate and consume information, is now evolving to an internet of things (IoT) where distributed entities, such as things, exchange and process information without human intervention. In addition, an internet of everything (IoE), which is a combination of the IoT technology and big data processing technology through connection with a cloud server, has emerged.
As technology elements, such as “sensing technology,” “wired/wireless communication and network infrastructure,” “service interface technology,” and “security technology” have been demanded for IoT implementation, a sensor network, a machine-to-machine (M2M) communication, machine type communication (MTC), and so forth have been recently researched.
An IoT environment may provide intelligent Internet technology services that create a new value to human life by collecting and analyzing data generated among connected things. IoT may be applied to a variety of fields including smart home, smart building, smart city, smart car or connected cars, smart grid, health care, smart appliances, and advanced medical services through convergence and combination between existing information technology (IT) and various industrial applications.
Various user information may be stored in the storage of a communication device such as a smart phone, a tablet, a smart watch, a smart band, a smart necklace, or a smart ring, and managed while the communication device is used. The various user information may include personal information such as system preferences, a search record, an alarm, a Wi-Fi list, a picture, an image file, a contact list, call history, a text message, a schedule, an e-mail, and the like. Further, the various user information may be stored in the storage in database form. For convenience, a database (DB) within a storage included in a communication device in which personal information is stored will be referred to as a personal information database within device (PIDBD).
Meanwhile, each of the various applications (Apps) installed on the communication device may request access to the PIDBD to acquire personal information in order to provide a related service.
Alternatively, each of the Apps may store and manage personal information by directly generating a DB. Compared to a PIDBD, which is managed at a system level, a DB generated in an App is more easily attacked through various external risks, such as a malicious App, malicious code, a lost device, a stolen device, and the like. As such, there is a high probability that a security incident, such as a leak of personal information, will occur.
Therefore, many users use several Apps to implement various security policies, such as database encryption, in order to prevent a security incident. However, such security policies may impose a significant load on App development, because a database security solution must be applied to the App while the App is being developed. Therefore, a database security policy is currently not applied to most of the Apps registered at an App market.
Currently, a communication device has no scheme for checking how safely personal information is managed by the Apps installed on the communication device.
An example of a method of protecting personal information by detecting a malicious App in a communication device in a communication system will be described with reference to FIG. 1.
FIG. 1 schematically illustrates an example of a method of protecting personal information by detecting a malicious App in a communication device in a communication system, according to the related art.
Referring to FIG. 1, if an App, e.g., ANDROIDMANIFEST.XML, is installed on a communication device through an App package file, e.g., an Android App package (APK) file, the communication device performs a security scanning process and a code static analyzing process on the App to determine whether the App is a malicious App. The communication device extracts an authority related file from the App and analyzes the extracted authority related file to determine whether the App is a malicious App.
As described in FIG. 1, if an App is installed on a communication device, the communication device may detect whether the installed App is a malicious App. If the installed App is a new malicious App, which is not known, it may be impossible to prevent a leak of personal information due to various external risks.
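The permission-file analysis described for FIG. 1 can be sketched as follows. This is an added example, not code from the disclosure: it assumes the manifest has already been decoded from the APK's binary XML into text, and the mapping from Android permissions to the PIDBD data categories named above is an illustrative assumption.

```python
import xml.etree.ElementTree as ET

ANDROID_NS = "{http://schemas.android.com/apk/res/android}"

# Assumed mapping: permissions guarding system-managed personal data (the PIDBD).
PIDBD_PERMISSIONS = {
    "android.permission.READ_CONTACTS": "contact list",
    "android.permission.READ_CALL_LOG": "call history",
    "android.permission.READ_SMS": "text messages",
    "android.permission.READ_CALENDAR": "schedule",
    "android.permission.ACCESS_WIFI_STATE": "Wi-Fi list",
}

# Constructed sample manifest (decoded text form), not taken from a real App.
SAMPLE_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.notes">
    <uses-permission android:name="android.permission.INTERNET"/>
    <uses-permission android:name="android.permission.READ_CONTACTS"/>
    <uses-permission android:name="android.permission.READ_SMS"/>
    <uses-permission-sdk-23 android:name="android.permission.READ_CALL_LOG"/>
    <application android:label="Notes"/>
</manifest>"""

def requested_permissions(manifest_xml):
    """Return the set of permission names the manifest declares."""
    # Parse untrusted manifests with a hardened XML parser in production.
    root = ET.fromstring(manifest_xml)
    perms = set()
    for tag in ("uses-permission", "uses-permission-sdk-23"):
        for node in root.iter(tag):
            name = node.get(ANDROID_NS + "name")
            if name:
                perms.add(name)
    return perms

def pidbd_exposure(manifest_xml):
    """List the PIDBD data categories the App asks to read, sorted by name."""
    perms = requested_permissions(manifest_xml)
    return sorted(PIDBD_PERMISSIONS[p] for p in perms if p in PIDBD_PERMISSIONS)

if __name__ == "__main__":
    print(pidbd_exposure(SAMPLE_MANIFEST))
```

An App that requests none of these permissions yields an empty list, yet it may still keep personal information in a DB it generates itself, which this kind of install-time analysis does not examine.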
An example of a method of protecting personal information by detecting a malicious App in a communication device in a communication system has been described with reference to FIG. 1, and another example of a method of protecting personal information by detecting a malicious App in a communication device in a communication system will be described with reference to FIG. 2.
FIG. 2 schematically illustrates another example of a method of protecting personal information by detecting a malicious App in a communication device in a communication system, according to the related art.
Referring to FIG. 2, as described in FIG. 1, if an App is installed on a communication device through an App package file, e.g., an APK file, the communication device performs a security scanning process and a code static analyzing process on the App to determine whether the App is a malicious App.
Even though the App is a malicious App, there may be limitations on preventing a leak of personal information which may occur due to various external risks such as a malicious App, malware, a lost device, a stolen device, and the like.
Accordingly, there is a need for a method for safely protecting personal information managed in an App which is installed on a communication device.
The above information is presented as background information only to assist with an understanding of the present disclosure. No determination has been made, and no assertion is made, as to whether any of the above might be applicable as prior art with regard to the present disclosure.