Abstract: The objective of the present invention is to provide technology for detecting malicious action of an application upon a terminal device using a low load as well as to increase accuracy of detection; in particular, to provide technology capable of performing detection even regarding an application which has been deleted upon the terminal device. A change in the installation state of an application in a terminal device is detected, upon which information for the installed application is reported to a fraud detection server so as to be recorded. In addition, a predetermined feature value based on an application file or component files configuring a package of the application is reported to the fraud detection server. The feature value is associated with the malicious action of the application so as to be registered in an application DB, whereupon if malicious action of the application is detected, fraud detection information is transmitted to the terminal device.

Abstract: The objective of the present invention is to provide technology for detecting malicious action of an application upon a terminal device using a low load as well as to increase accuracy of detection; in particular, to provide technology capable of performing detection even regarding an application which has been deleted upon the terminal device. A change in the installation state of an application in a terminal device is detected, upon which information for the installed application is reported to a fraud detection server so as to be recorded. In addition, a predetermined feature value based on an application file or component files configuring a package of the application is reported to the fraud detection server. The feature value is associated with the malicious action of the application so as to be registered in an application DB, whereupon if malicious action of the application is detected, fraud detection information is transmitted to the terminal device.