Wen 丨 壹 Observation Su Yi
At this year's CCTV 315 gala, user privacy and security issues have once again become the focus, and 4 out of 13 cases are related to user privacy and information security, which can be described as shocking.
In recent years, the regulatory authorities have been more resolute in their attitude towards "chaos" governance, and the behavior of Internet applications infringing on user privacy and security has tended to be "zero tolerance", and within a week of April this year, they have reported and summarized relevant issues three times.
How to protect user privacy and information security "without breaking defense"? From the perspective of application governance, legal constraints and government supervision are required, and the application distribution platform needs to fully assume the main responsibility, resolutely implement security requirements, and fully participate in social forces in order to play a synergistic role and play a comprehensive governance effect.
According to the Huawei App Market 2021 Annual Security and Privacy Report released on March 25, Huawei's app market will retest more than 200,000 apps and actively dispose of more than 60,000 problematic apps in 2021. Including special retests such as privacy policies, protection of minors, and application 'face change', the risk of using applications is effectively reduced.
This is the fourth consecutive year that Huawei has released an annual report on security and privacy. It is understood that Huawei is the only one among the application distribution platforms: it not only resolutely implements the review requirements, but also continues to systematically present measures and achievements to protect security and privacy to the public for many years, fully reflecting the responsibility and responsibility of the application distribution platform.
The magic path of application ecological security is in contention
By the end of 2021, China's Internet users have exceeded 1 billion people (data from the China Internet Network Information Center), of which more than 99% use mobile phones to access the Internet, the distribution of mobile Internet applications has reached 2.1 trillion times, and the average daily user time on the Internet is more than 5 hours. The mobile Internet has been closely related to the lives of users, but the road is one foot high, and on the other side of the glamorous development, black and ash production is quietly upgrading and frequently entering the public life.
According to the 49th Statistical Report on the Development of China's Internet Network, as of December 2021, 22.1% of netizens have experienced personal information leakage, and illegal disclosure of citizens' personal information is the source of most telecommunications network fraud crimes. According to the Supreme People's Court, in 2020 alone, domestic telecommunications network fraud caused property losses to citizens amounted to 35.37 billion yuan. At the same time, information leakage also brings harassing calls, promotional advertisements and other violations that interfere with the normal life of users.
The battle of wits with the black and gray industry on the Internet has never stopped, and in recent years, at the 3.15 evening party, the problem of privacy information leakage and exposure has almost become a must. At the national level, especially in 2021, on the basis of the Cybersecurity Law, the Data Security Law and the Personal Information Protection Law were officially promulgated and implemented. Based on the relevant provisions and special actions of the three laws, special actions have been launched one after another. At the end of last month, CCTV's "Chaowen Tianxia" once again shelled the application of the problem, focusing on the illegal collection and collection of personal information beyond the scope.
In view of application governance, the Ministry of Industry and Information Technology has vigorously rectified the illegal collection and use of personal information, pop-up window harassment and other violations of users' rights and interests through the formulation of standards, technical inspections, special rectification and other measures. The data shows that in 2021, the Ministry of Industry and Information Technology has tested a total of 2.08 million applications, notified 1549 illegal applications, and removed 514 applications that refused to rectify.
In this process, the application distribution platform has become an important collaborative governance party, and the regulatory authorities have repeatedly emphasized that the application platform should play the main responsibility. However, in the actual landing process, although most of the head mobile phone manufacturers have a strict security system and implementation measures, in a large number of search engines, networks, application information flow channels, there are some channels for various reasons, landing is not in place.
At the same time, netizens' awareness of privacy protection is still under construction. According to third-party survey results, only about one-third of Chinese mobile phone users carefully read privacy protocols, and most people pay less attention to privacy protocols and whether apps have acquired additional permissions.
Therefore, for ordinary netizens, paying attention to privacy and security has become a compulsory course. Either increase security awareness and carefully understand the privacy protocol and application permission description before downloading the app, or choose a secure download channel so that privacy information leakage is avoided as much as possible. For example, the application market of the head mobile phone manufacturer is selected, after all, these application platforms are effective in ecological security governance and are more reliable.
Leveraging the "EvolutionAry Flywheel" of Application Ecological Security Governance
In the past four years since the continuous release of the annual security and privacy report, Huawei's application market has not only established an evolvable user privacy security mechanism, but also achieved an annual distribution of the application market from 45 billion times to 432 billion times, an increase of nearly 10 times in five years, making HMS the third largest mobile application ecosystem in the world. Whether in terms of absolute volume, growth rate or security, Huawei's application market is in a leading position in China.
The "flywheel effect" is used by Internet companies to describe user growth models, such as Amazon's "flywheel effect." There is also a flywheel effect in the application of ecological governance, but it is a double flywheel that is more intertwined and more complex, and ultimately the two development goals of user scale and ecological development must be achieved.
For ecological security, the core strategies of general platforms at different ecological stages will be different. In the early stage of ecological barbaric growth, the platform side will often focus on the establishment of a framework; in the second stage of the ecology, the bad currency reaches a certain scale, producing negative network effects, and the platform will carry out targeted attacks; until the ecology has a large scale, it is the time when ecological governance plays a role, and there will be complete platform specifications, technical measures and corresponding organizational guarantees. Huawei's application market is already in its third stage.
So, how does Huawei's application market leverage the "double flywheel" of application ecological security governance to achieve equal emphasis on scale and security development?
"One Observation" believes that it is mainly reflected in three dimensions:
First of all, a safety original intention.
Since 2011, Huawei has regarded network security and privacy protection as one of its important development strategies, and in Huawei's internal document No. 001 in 2019, it emphasizes network security and privacy protection as the company's highest program. At the same time, the responsibility for network and business security is placed above the company's commercial interests. It is precisely this highest requirement and original intention that allows Huawei to establish a sound security and privacy protection system in the application market, pass a series of international/domestic security certifications, and strictly implement the round of review requirements of the regulatory authorities to protect the rights and interests of users.
Second, two evolutionary engines.
In the face of millions of application applications per year, Huawei has developed its own automated test platform/system, taking the SecDroid security test platform as an example, integrating a variety of security services such as virus Trojan scanning, advertising behavior analysis, and privacy leakage analysis. The more applications this cloud test tool has tested, the higher the efficiency and accuracy, and the ability to evolve with the number of tests continues to increase.
The first engine is an automated detection tool based on big data and guaranteed by technological innovation, which improves the efficiency of developer application security on the shelf. According to Huawei's annual security and privacy report, in 2021, Huawei's application market processed more than one million applications for application listings, of which 95% of the audits were completed within 24 hours. This is a big plus for developers.
The second engine is user-centric product feature innovation. Taking one observation's experience in using Huawei's mobile phone application market as an example, if you want to download the "Get Things" app, you can first see that it is an application suitable for 18-year-old + users. In 2018, Huawei pioneered the "application classification" system according to age in China, under which all applications in the Huawei application market will be divided into five gradients of 3 years old, 7 years old, 12 years old, 16 years old, and 18 years old. Through the application download page continues to slide, you can quickly view the relevant privacy policy of the APP, and you can also see what permissions the application will need to give the user to authorize, so that the user has the right to know and manage the application to call its own information.
In fact, in the past five years, Huawei has made great efforts to innovate products and functions to protect user privacy and security, including the "application classification" system, application security detection function, children's account, privacy label function, and pure mode. More critically, in the process of designing safety products and functions, "there are people in the eyes" to protect different levels of users.
Third, the whole life cycle security system.
Huawei provides a security assurance system covering the entire lifecycle of an application, from developer qualification review, pre-shelf security detection, operation management during application download and use, regular application retesting, and tracking of user feedback issues. Similar systems will be established for each application download platform, but the landing capacity and review intensity will be different.
For example, huawei's four-fold detection system in the application market, based on the mode of automation tools + manual real-name re-inspection, has high requirements for both the system and people. During the operation, there are not only Huawei's spontaneous regular backtesting mechanism, but also special investigations required by regulatory authorities, including: privacy special retest, game anti-addiction special retest, "Qinglang" special retest, advertising special retest, "face change" application special retest, etc.
Regarding security as the company's highest program, with dual engines of technology leadership and product innovation, coupled with a full-life cycle security system, it is the key to Huawei's application market to drive the "evolutionary flywheel" and ensure rapid growth under the condition of ensuring safety.
The new core competitiveness of mobile phone enterprises: security application ecology
The "2022 high-end mobile phone consumer survey report in the Chinese mainland market" released by HCR Huichen, a joint data analysis company of the Daily Economic News, shows that among the expectations of users for domestic high-end mobile phones, reducing advertising and paying attention to user privacy and security ranks in the top five. And for older users over the age of 45, the expectation of privacy and security ranks second with 37.3%, and for young people under 30 years old, reducing advertising and improving the brand ecology is in the TOP3 position.
Under the anxiety of privacy and security, users will pay more and more attention to safe application download channels and user experience, and form psychological inertia dependence and user reputation on download channels and even corresponding mobile phone brands. Therefore, in the long run, the application ecological security governance will affect the richness of the brand and the sense of user security, which will become the soft power of the mobile phone brand and become an important consideration for users to change or purchase a machine.
In the past decade, Chinese cities have been one of the "two poles of innovation" of the global mobile Internet, but at the same time, the privacy and security troubles caused by the black and gray production of the Internet have always been in the shadows. In this process, the platform enterprises that carry mobile Internet services, fast applications, and mini programs have a special identity, they are the enforcers of regulatory regulations, the makers of ecological rules, and the guardians of user rights and interests.
Facing the era of Internet of Everything in the next decade, the digital world and the physical world are highly overlapping, users switch in different scenarios, and need to complete the seamless switching of data and services in a large number of terminals, which requires agile connection, data flow and real-time authentication, which poses an unprecedented challenge to security. In other words, security has become one of the core basic underlying capabilities that all TOP companies must have in the era of Internet of Everything.
As a portable and daily high-frequency use of intelligent terminal devices, smart phones are becoming human "digital organs". As the main entrance to digital services, the application market has also become the gatekeeper of user privacy and security. For Huawei, the concept and persistence of information security as the highest program is to make every effort to ensure user security and privacy in the short term, and in the long run, it is to consolidate the core foundation of the next round of market competition and new ecological construction.