On April 25, the National Computer Virus Emergency Treatment Center recently found through Internet monitoring that 17 apps, including GF Yitao Gold And Western Securities, had privacy irregularities, violated the Cybersecurity Law, the Personal Information Protection Law and other relevant regulations, and were suspected of collecting personal privacy information beyond the scope.
In this regard, Western Securities responded to Zhongxin Jingwei and said that in response to the warning problems of the National Computer Virus Emergency Treatment Center, the list of confirmed problems was implemented at the first time. The main problems focus on the problems such as the unclear description of the account cancellation (mobile phone number cancellation) scenario by the privacy agreement, and the location permission obtained by iFLYTEK SDK while obtaining voice permissions. At present, the Network Finance Department, Compliance Department and Legal Department of Western Securities are actively rectifying, and it is planned to send the rectified Xintianyou installation package, revised privacy agreement and rectification instructions to the National Computer Virus Emergency Treatment Center on April 25, 2022. Upload updates in major app stores as soon as possible after the test is passed.
However, according to the Securities Times, some brokers said that the Android application market is more, most of the operating institutions in the main application market release, some small application markets without authorization from other markets, crawling in the process of crawling version is too old, crawling information loss and other situations, the detection of the extraction of the detection of the version is not downloaded from the official official release of the application market.
According to the notification rules, 16 of the 17 apps are suspected of privacy non-compliance because they do not explicitly apply to users for all the privacy permissions (see Table 1).
1 App began collecting personal information before obtaining the user's consent, suspected of privacy non-compliance, for Caitong Securities (version 9.9.3, Pea Pod).
The 9 apps did not provide effective functions for correcting, deleting personal information and canceling user accounts, or setting unreasonable conditions for canceling user accounts, which was suspected of privacy non-compliance (see Table 2).
1 APP has not established or published personal information security complaints, reporting channels, or exceeded the promised time limit for handling replies, suspected of privacy non-compliance, for China Post Securities (version 7.1.2.0, Xiaomi App Store).
From the above information, it can be seen that the 17 APP in this circular belong to the financial industry, involving 13 securities companies and 4 third-party stock trading software. According to the understanding of Zhongxin Jingwei, the National Computer Virus Emergency Treatment Center will detect whether there are privacy non-compliance behaviors in mobile APPS in related industries from time to time. The APP evaluation for the securities industry is a spot check, not an industry-wide inspection.
In the era of digital economy, securities companies are competing to make efforts to financial technology, and APP as a bridge to link C-end users is also one of the key points of construction. Analysys Qianfan data shows that as of now, there are 191 related apps in the securities industry. Zhongxin Jingwei combed and found that in the APP involving the above privacy non-compliance issues, the third-party application with the highest monthly activity volume was Great Wisdom, with the average monthly activity volume in the first quarter of 2022 as high as 9.7644 million / person-time, e Haitong Cai (owned by Haitong Securities), GF Securities Yitaojin, China Galaxy Securities, Niu Stock King and other Apps, which ranked behind them, all of which reached more than 3 million / person-time, and there were also some small and medium-sized securities companies, such as Wanhe Securities, Zhongshan Securities, etc., with a monthly active volume of between 50,000-100,000 / person-time.
However, it is necessary to be vigilant that with the official implementation of the Personal Information Protection Law, privacy protection has ushered in a new era, and the financial industry should also balance the protection of user privacy and accurate portrait operation. Article 27 of the Code for the Protection of the Rights and Interests of Investors in Securities Companies, which came into effect on May 15, 2021, also stipulates that "when securities companies collect and use investors' personal financial information such as investors' personal identity information, asset information, trading information, trading terminal information, etc., they shall comply with laws, regulations and regulatory provisions, and shall not collect information unrelated to business in violation of regulations." Securities companies shall adopt measures such as data encryption, access control, secure transmission, signature authentication, etc., to strengthen the control of internal and third-party cooperative institutions, strengthen the protection of investor information, and prevent relevant information from being illegally stolen, intercepted, leaked or tampered with. ”
Zhongxin Jingwei noted that it is not the first time that the brokerage APP has been named due to privacy protection issues. Securities companies such as Pacific Securities and Bohai Securities have been named before, and Internet brokers such as Tiger Securities have also been named by regulators for cross-border data security issues.
In view of the above situation, the National Computer Virus Emergency Treatment Center reminds the majority of mobile phone users to first carefully download and use the above illegal and illegal mobile Apps, and at the same time pay attention to carefully reading their user agreements and privacy policy descriptions, not arbitrarily opening and agreeing to unnecessary privacy permissions, not entering personal privacy information at will, regularly maintaining and cleaning relevant data, and avoiding personal privacy information being leaked. (Zhongxin Jingwei APP)
(The views in this article are for reference only and do not constitute investment advice, investment is risky, and you need to be cautious when entering the market.) )
Zhongxin Jingwei copyright, without written authorization, any unit and individual shall not reprint, excerpt or otherwise use.
Editor-in-Charge: Chang Tao