
The 315 Gala focuses on personal information security: APP compliance governance is imperative

On March 15, 2022, CCTV's 315 Gala once again focused on the topic of APP compliance. Two segments, "'Free WiFi' Apps Hide a Trap" and "Low-end Children's Smart Watches Become Walking Voyeurs", reported in depth on apps that trick and mislead users into downloading them and into providing personal information under the guise of free automatic WiFi connection, and on wearable devices whose apps request permissions in a mandatory, frequent and excessive way.

Free WiFi and low-end children's watches have become the "hardest-hit areas" of violations

In testing, the "free WiFi" apps failed to provide any connectable free WiFi. Instead, their interfaces displayed prominent "Open", "Confirm" and "Connect" buttons to trick users into tapping; once tapped, the app quietly began downloading other apps in the background. As testing continued, more and more apps were silently installed on the phone, which then began to pop up advertisements of all kinds and became difficult to use.

Low-end children's smart watches generally run an old version of Android, so malicious programs can easily be installed on the watch, and apps of all kinds can obtain sensitive permissions such as location, contacts, microphone and camera without user authorization. This makes it easy to obtain a child's location, facial images, voice recordings and other private information.

He Yanzhe, deputy director of the Evaluation Laboratory of the Network Security Center of the China Electronics Technology Standardization Institute, said: "The old version of the operating system actually has a cost consideration behind it, but it ignores the security of users and brings endless consequences to consumers."

On March 14, 2022, the State Internet Information Office issued a notice soliciting public comments again on the "Regulations on the Protection of Minors Online (Draft for Solicitation of Comments)". Chapter 4 of the draft states that personal information protection should focus on strengthening the protection of minors' personal information, and that personal information processors should set information access permissions for their staff strictly on the principle of minimum authorization and control who may learn of minors' personal information.

Since the start of 2022, the Ministry of Industry and Information Technology has published two batches of notifications covering more than 200 compliance issues in 134 APPs and SDKs. The notifications involve 10 major categories of violation, such as "mandatory, frequent and excessive permission requests by APPs", "illegal collection of personal information", "forcing users to use targeted push", "collecting personal information beyond the stated scope" and "illegal use of personal information".

Compliance governance enters deep water: the privacy of mobile APPs and IoT devices needs attention

Looking at the recent state of national APP compliance governance, the work has entered deep water and reached the stage of tackling hard problems. On the regulatory side, regional asset mapping and the discovery of regional violations remain generally difficult; a large number of applications obtain mobile APP data in hidden ways that can only be found by detailed manual tracking, which makes detection harder. On the enterprise side, legal awareness is still weak, detection efficiency is low and compliance work is incomplete. Because APPs illegally collect user information and internal management is lax, some enterprises use big data analysis to build precise personal profiles from locations, calls, text messages, communication records, audio-visual material and online behaviour obtained through APP vulnerabilities or illegal collection by APPs. This has led to serious personal information leaks and has even supplied data for criminal activities such as fraud. Excessive collection, illegal theft, abuse and even resale of personal information are endless, and leaks are serious, posing a great threat to personal information security and leaving users generally believing that cyberspace is untrustworthy and insecure.

In view of these compliance challenges, the Qian Pangu privacy and security team has invested actively in compliance research and has successively launched Privacy Guard, a mobile application monitoring platform and mobile application security products, together with corresponding service support. These can perform privacy compliance detection and analysis on Android Apps, iOS Apps, Mini Programs and IoT devices, and together they form a complete APP privacy protection mechanism that gives compliance stakeholders of all kinds a platform on which to work together. By using technical means to help discover privacy and security risks, and so avoid the resulting data leakage, asset loss and other risks, it helps users do APP privacy compliance work effectively.

Taking Privacy Guard as an example, it can test compliance of how personal information is collected (by the app itself or by third parties), how it is used (by the app itself or by third parties), how frequently it is collected, whether it leaves the country, and whether all of this matches the description in the privacy policy. It covers 7 categories, including collection rules, usage rules, term status, and user rights and interests, with more than 90 detection items, and its detection capabilities can be extended to ensure that the collection and use of personal information is compliant. It currently fully supports Android Apps, iOS Apps, Mini Programs and IoT devices.

Over the years, personal privacy, excessive APP permission requests and data leakage have been hot words at the 315 Gala. This year's 315 Gala also set up a 315 Information Security Laboratory for the first time, which marks that compliance work is no longer limited to mobile APPs: it has expanded from mobile phones to smart watches, smart home appliances and IoT devices, and will gradually extend to smart vehicle devices in the future. The person in charge of privacy and security at Qian Pangu said that the team will continue to strengthen technology development and strive to implement the requirements of the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law to escort the development of the compliance business.

Leifeng Network
