Information Security Strengthening

APP Personal Information Security Inspection Report

We offer personal information security detection for apps, helping individuals and enterprises verify the legality of mobile application behavior analysis and collection of personal information, as well as the legality of APP permission detection content. This effectively assists government agencies and industry regulatory bodies in providing administrative law enforcement basis, and helps APP development companies and APP operation companies offer professional rectification suggestions for apps. Provide efficient, accurate and complete personal information security detection reports for apps.

Read

In the era of mobile Internet where mobile intelligent terminal application software (APP) is rampant and popular, it has indeed brought a lot of convenience to the public, directly triggering an intangible transformation of the new model from offline to online, and promoting the development of the national economy and social progress. However, some unscrupulous merchants' apps, under the guise of various group-buying promotions, points, red envelopes, small gifts, and rich functions, take advantage of the public's psychology to make them install their APP software, easily allowing users to unlock "unnecessary" mobile phone permissions and quietly "steal" a large amount of users' personal privacy, information, and data. Once these "stolen" personal privacy, information and data are used for improper purposes, the consequences would be unimaginable.

APP隐私

To address the chaos in the protection of personal information security by apps, the Ministry of Public Security of the People's Republic of China, in collaboration with four other ministries and commissions (the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation), has launched a special governance campaign against illegal and irregular collection and use of personal information by apps, and has established a special governance working group for apps. Regulating the relevant permissions for apps to apply for the collection and use of personal information is of great significance for strengthening the protection of personal information by apps. We offer personal information security detection for apps, helping individuals and enterprises verify the legality of mobile application behavior analysis and collection of personal information, as well as the legality of APP permission detection content. This effectively assists government agencies and industry regulatory bodies in providing administrative law enforcement basis, and helps APP development companies and APP operation companies offer professional rectification suggestions for apps. Provide efficient, accurate and complete personal information security detection reports for apps.

Currently, there are 26 key App permissions in the commonly used native Android operating system that are closely related to the collection and use of personal information.

安卓操作系统有26个重点权限

The App applies for the permission to collect and use personal information

CALENDAR: Read and edit the calendar

CALL_LOG call record: Read call records, edit call records, modify or view dialing

CAMERA: To take pictures

CONTACTS Address book: Read the address book, edit the address book, and obtain application accounts

LOCATION: Access precise location, access rough location

MICROPHONE: Recording

PHONE: Read the phone status (IMSI/IMEI number of the device), read the local phone number, make a call, receive a call, add voicemail, and use Internet phone

SENSORS: Obtain information from body sensors (such as heart rate, etc.)

SMS text messages: Send text messages, receive text messages, read text messages, receive WAP push notifications, receive MMS

STORAGE: Read from external memory, write to external memory

Detection parameters

The legality of collecting personal information

The minimum necessity for collecting personal information

Independent selection of multiple business functions

Authorization and consent for the collection of personal information

Personal Information Protection Policy

Exceptions to obtaining authorization and consent

Testing basis

GB/T 35273-2020 "Information Security Technology - Personal Information Security Specification"

Business Process

I. Business Stage

The client can submit the software evaluation requirements via wechat, QQ, phone, etc

2. Our company's representative will conduct a preliminary analysis of the software's testability based on the evaluation requirements provided by the client

3. The client shall fill in the "Application Form for Entrusted Testing".

4. Our company's representative will provide the "Quotation for Entrusted Testing" to the client.

5. Both parties reach a consensus and sign the "Entrusted Testing Contract and Confidentiality Agreement".

Ii. Implementation Stage

Our company's technical personnel communicated with the technical personnel of the client's unit about the implementation plan and carried out the software evaluation and implementation work

2. Our company's technicians will provide the client with a list of software defects

After the client modifies the software defect, our technicians will conduct regression testing

Iii. Delivery Stage

Our technicians analyzed the test results, put forward reasonable optimization suggestions and risk avoidance methods

2. Our company's technical personnel have compiled the "APP Personal Information Security Inspection Report"

3. Review the "APP Personal Information Security Inspection Report"

4. Affix the seal on the "APP Personal Information Security Inspection Report" and finally deliver the report

The materials provided

Test application form

2. A list of system functions consistent with the application form

3. A user manual consistent with the application form

4. APP download address

Constraint conditions

Sign the "Software Testing Entrustment Contract" and the "Confidentiality Agreement

Test cycle

The "APP Personal Information Security Inspection Report" will be issued within 3 to 10 working days.

Service area

Software evaluation reports from regions such as Beijing, Shanghai, Tianjin, Chongqing, Liaoning Province, Heilongjiang Province, Jilin Province, Guangdong Province, Hainan Province, Fujian Province, Hunan Province, Sichuan Province, Chongqing Municipality, Guizhou Province, Yunnan Province, Guangxi Province, Hubei Province, Henan Province, Shandong Province, Gansu Province, Xinjiang Province, Xizang Autonomous Region, Hebei Province, Shaanxi Province, Shanxi Province, Zhejiang Province, and Jiangsu Province.

More solutions for "information security reinforcement"