| 发明名称 |
VERIFICATION THAT PARTICULAR INFORMATION IS TRANSFERRED BY AN APPLICATION |
| 摘要 |
The technology includes a method to test what information an application transfers to an external computing device. A user's consent is explicitly obtained before the application transfers certain types of information, such as sensitive information. When a determination is made that an application is transferring sensitive information, a prompt for consent from a user may be provided that is accurate and detailed. In pre-production environments, technology can be used to detect whether this sensitive information is being transferred, and to validate whether a prompt for consent is necessary or unnecessary. To determine this, shimming is used to intercept application calls to APIs that return sensitive information. Requested sensitive information may be substituted with recorded or forged information from those APIs to produce a sentinel or canary. Similarly, network traffic of the application may be analyzed by another shim to determine when the substitute information is present. |
| 申请公布号 |
US2015074689(A1) |
申请公布日期 |
2015.03.12 |
| 申请号 |
US201314019978 |
申请日期 |
2013.09.06 |
| 申请人 |
Microsoft Corporation |
发明人 |
Christiansen Dave;Cantrell Bethan Tetrault;Bruno Michelle R. |
| 分类号 |
G06F9/54 |
主分类号 |
G06F9/54 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method to test an application, the method comprising:
receiving a request from the application for information; providing substitute information as the information to the application; receiving a request from the application to output application information to an external computing device; inspecting the application information to determine whether the substitute information is included in the application information; and outputting the application information to the external computing device. |
| 地址 |
Redmond WA US |
