In the era of mobile Internet where mobile intelligent terminal application software (APP) is rampant and popular, it has indeed brought a lot of convenience to the public, directly triggering an intangible transformation of the new model from offline to online, and promoting the development of the national economy and social progress. However, some unscrupulous merchants' apps, under the guise of various group-buying promotions, points, red envelopes, small gifts, and rich functions, take advantage of the public's psychology to make them install their APP software, easily allowing users to unlock "unnecessary" mobile phone permissions and quietly "steal" a large amount of users' personal privacy, information, and data. Once these "stolen" personal privacy, information and data are used for improper purposes, the consequences would be unimaginable.

To address the chaos in the protection of personal information security by apps, the Ministry of Public Security of the People's Republic of China, in collaboration with four other ministries and commissions (the Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation), has launched a special governance campaign against illegal and irregular collection and use of personal information by apps, and has established a special governance working group for apps. Regulating the relevant permissions for apps to apply for the collection and use of personal information is of great significance for strengthening the protection of personal information by apps. We offer personal information security detection for apps, helping individuals and enterprises verify the legality of mobile application behavior analysis and collection of personal information, as well as the legality of APP permission detection content. This effectively assists government agencies and industry regulatory bodies in providing administrative law enforcement basis, and helps APP development companies and APP operation companies offer professional rectification suggestions for apps. Provide efficient, accurate and complete personal information security detection reports for apps.
Currently, there are 26 key App permissions in the commonly used native Android operating system that are closely related to the collection and use of personal information.

The App applies for the permission to collect and use personal information
CALENDAR: Read and edit the calendar
CALL_LOG call record: Read call records, edit call records, modify or view dialing
CAMERA: To take pictures
CONTACTS Address book: Read the address book, edit the address book, and obtain application accounts
LOCATION: Access precise location, access rough location
MICROPHONE: Recording
PHONE: Read the phone status (IMSI/IMEI number of the device), read the local phone number, make a call, receive a call, add voicemail, and use Internet phone
SENSORS: Obtain information from body sensors (such as heart rate, etc.)
SMS text messages: Send text messages, receive text messages, read text messages, receive WAP push notifications, receive MMS
STORAGE: Read from external memory, write to external memory
Detection parameters
The legality of collecting personal information
The minimum necessity for collecting personal information
Independent selection of multiple business functions
Authorization and consent for the collection of personal information
Personal Information Protection Policy
Exceptions to obtaining authorization and consent
Testing basis
GB/T 35273-2020 "Information Security Technology - Personal Information Security Specification"

Business Process
I. Business Stage
The client can submit the software evaluation requirements via wechat, QQ, phone, etc
2. Our company's representative will conduct a preliminary analysis of the software's testability based on the evaluation requirements provided by the client
3. The client shall fill in the "Application Form for Entrusted Testing".
4. Our company's representative will provide the "Quotation for Entrusted Testing" to the client.
5. Both parties reach a consensus and sign the "Entrusted Testing Contract and Confidentiality Agreement".
Ii. Implementation Stage
Our company's technical personnel communicated with the technical personnel of the client's unit about the implementation plan and carried out the software evaluation and implementation work
2. Our company's technicians will provide the client with a list of software defects
After the client modifies the software defect, our technicians will conduct regression testing
Iii. Delivery Stage
Our technicians analyzed the test results, put forward reasonable optimization suggestions and risk avoidance methods
2. Our company's technical personnel have compiled the "APP Personal Information Security Inspection Report"
3. Review the "APP Personal Information Security Inspection Report"
4. Affix the seal on the "APP Personal Information Security Inspection Report" and finally deliver the report
The materials provided
Test application form
2. A list of system functions consistent with the application form
3. A user manual consistent with the application form
4. APP download address
Constraint conditions
Sign the "Software Testing Entrustment Contract" and the "Confidentiality Agreement
Test cycle
The "APP Personal Information Security Inspection Report" will be issued within 3 to 10 working days.
Service area
Software evaluation reports from regions such as Beijing, Shanghai, Tianjin, Chongqing, Liaoning Province, Heilongjiang Province, Jilin Province, Guangdong Province, Hainan Province, Fujian Province, Hunan Province, Sichuan Province, Chongqing Municipality, Guizhou Province, Yunnan Province, Guangxi Province, Hubei Province, Henan Province, Shandong Province, Gansu Province, Xinjiang Province, Xizang Autonomous Region, Hebei Province, Shaanxi Province, Shanxi Province, Zhejiang Province, and Jiangsu Province.
