摘要 |
The present invention relates to a method for detecting a spy application and a modulation of a system on an android operating system, comprising the following steps of: (a) detecting a spy application by comparing a package name with file hash information which are transmitted to a server from a client terminal, based on package names of spy applications and file hash information which are stored in a server; (b) defining permission information required for a spy function, function information provided from an android when an application is developed, and spy terms, detecting the same in an application, and calculating a question index of the spy application according to the weight and detection count thereof; (c) detecting whether a system is modulated or not through hash comparison in the case that a terminal build number having a normal hash value stored is connected to the system if a manager stores the normal hash value based on the terminal build number depending on provision of hash information of the system from a user terminal; and (d) detecting whether a process using a root and a permission promotion command is included or not. |