
The app of financial institutions has been repeatedly notified to promote the development of compliance in many ways

Author: Economic Information Daily

The National Computer Virus Emergency Response Center recently found, through Internet monitoring, that 14 mobile apps had privacy irregularities, and two financial apps, those of Tianjin Rural Commercial Bank and Home Credit Finance, were publicly notified. The reporter's review found that since last year the apps of many financial institutions, including Bank of Communications Pacific Credit Card Center, Tianjin Rural Commercial Bank, Dongguan Rural Commercial Bank, Bank of Shanxi, Jinshang Bank, Shanxi Securities and Jianghai Securities, have been notified for privacy non-compliance, illegal collection of personal information, excessive permission requests and similar problems. These problems keep recurring, and the difficulties of personal information protection still need to be resolved.


Graphic: Pan Yue

Since last year, a number of financial institution apps have been named

The Tianjin Rural Commercial Bank App (application source: App Treasure, version 6.5.0) was alleged to have two problems: first, the privacy policy does not list the purpose, method and scope of the App's collection and use of personal information (including by entrusted third parties or embedded third-party code and plug-ins), which is suspected privacy non-compliance. Home Credit Finance (application source: App Treasure, version 34.46.0) "has not formulated special rules for handling personal information when the personal information processor processes the personal information of minors under the age of 14, which is suspected privacy non-compliance".

"In view of the recent monitoring by the National Computer Virus Emergency Response Center and its discovery of privacy non-compliance in our Bank's App (Tianjin Rural Commercial Bank version 6.5.0, App Treasure), our Bank immediately contacted the National Computer Virus Emergency Response Center to clarify the main reasons for the incident. One is that the text of some clauses in the customer privacy agreement is not clear enough; the other is that, in order to monitor the customer's network status in real time, prompt about weak network environments and keep the service running smoothly, our bank's remote video banking control continues to obtain the network status when it is running in the background." Tianjin Rural Commercial Bank subsequently responded that, under the guidance of the National Computer Virus Emergency Response Center, the user privacy terms have been revised and updated, the mobile banking client program has been optimized, and the related problems have been rectified. "The above problems do not harm the security of our bank's mobile banking app, and the security of customers' funds, transactions and information will not be affected."

On March 29, the Guangdong Provincial Communications Administration publicly notified 18 apps that had not completed rectification as required. The Dongguan Rural Commercial Bank App (application source: App Treasure) was named for "illegal collection of personal information" and "compulsory, frequent and excessive requests for permissions by the App".

According to public information reviewed by the reporter, the apps of many banks, securities firms and other financial institutions have been notified for privacy non-compliance since last year.

At the end of November last year, the Ministry of Industry and Information Technology (MIIT) issued the "Notice on Apps (SDKs) Infringing on Users' Rights and Interests (8th Batch in 2023, 34th Batch in Total)", naming 22 apps and SDKs (third-party software development kits) as infringing on users' rights and interests. These included Zhejiang Tailong Bank's "Taihuihui" (application source: Samsung App Store, version 1.9.7) and Jianghai Securities' "Jianghai Jinlong Comprehensive Edition" (application source: Baidu Mobile Assistant, version V9.00.44). The Zhejiang Tailong Bank app was cited for illegal collection of personal information as well as compulsory, frequent and excessive requests for permissions by the App, and "Jianghai Jinlong Comprehensive Edition" for compulsory, frequent and excessive requests for permissions by the App. In March, MIIT issued the "Notice on Apps (SDKs) Infringing on Users' Rights and Interests (2nd Batch in 2023, 28th Batch in Total)", naming 55 apps and SDKs, including the Bank of Jilin App (application source: Huawei AppGallery, version 5.2.0), which was also cited for "compulsory, frequent and excessive requests for permissions by the App".

In addition, from April to September 2023, the Cyberspace Administration of Shanghai Municipality carried out special inspections of the collection and use of personal information by 46 apps with large download and complaint volumes, and found more than 160 problems. The Bank of Communications Pacific Credit Card Center's "Pay Bar" app (application source: Huawei AppGallery, versions 6.1.1 and 6.4.0) was named for four issues: forced collection of unnecessary personal information, failure to let users actively check the service agreement, an incomplete privacy policy, and excessive collection of personal information. It is reported that, after notification and follow-up guidance, all of the named app operators have completed rectification of the problems.

In May last year, the Shanxi Provincial Communications Administration publicly announced that 12 apps had not been rectified as required. Among them, the Bank of Shanxi App (version 3.4.2) was cited because "on the App's first run, before the user agrees to the privacy policy, the user's personal information is collected without authorization"; the "Jinxiang Life" app of Shanxi Rural Credit Cooperatives (version 4.1.04) and the Jinshang Bank App (version 5.0.0) had the problem of "failing to list and explain in the privacy policy the purpose, method and scope of the collection and use of personal information by third-party SDKs"; and Shanxi Securities' "Huitong Qifu" (version 6.7.4.1) was named because "the App does not explicitly inform the user, and without the user's consent or a reasonable usage scenario, frequently self-launches or launches associated apps".

Data security and privacy protection are challenging

When users carry out financial transactions and obtain financial services and products through apps, large amounts of personal data are recorded, and as applications extend into more scenarios and ecosystems, user privacy protection faces greater challenges.

The "2023 Financial App Market Governance and Development Report" (hereinafter the "Report"), recently released by the National Internet Finance Association of China, pointed out that the financial app field still faces risks and challenges that cannot be ignored: some practitioners have a skewed understanding of the legal system and standards for network security and personal information protection, and their implementation is not in place; the trend toward intelligent, cloud-based and platform-based finance places higher requirements on the business compliance, system performance and network security of financial apps; and because financial apps involve sensitive information such as customer data, transaction data and capital flows, the scenario-based and ecosystem-based trends bring challenges to data security and privacy protection.

According to the National Internet Finance Association of China, financial apps are an important channel through which institutions provide digital financial services and a key lever for digital transformation, and strengthening self-regulatory filing management will help improve the security of financial apps, guide and urge practitioners to pay more attention to data security and privacy protection, and increase financial consumers' trust and sense of security when using financial apps. By the end of 2023, the association had completed the filing of 2,429 financial apps (including related filings) from 3,112 institutions, and in the course of the filing work had discovered and supervised the rectification of more than 60,000 vulnerabilities and hidden risks. Through self-regulatory measures such as review and assessment, risk monitoring and publication of violations, in 2023 the average number of data security problems found per app fell 33.6% year-on-year, security protection problems fell 29.8% year-on-year, problems in the collection and use of personal information fell 5.9% year-on-year, and the average number of permissions requested per app also trended downward year-on-year.

Some industry insiders pointed out that banking app databases hold massive amounts of market data and customer transaction data, which are core competitive assets of the institution. Personal identification feature data in particular is easy to copy and cannot be recalled once leaked, causing serious harm to personal privacy and property. Some banking institutions pay insufficient attention to this, partly because of weak oversight of practitioners and partly because their apps lack network defenses; as technology develops rapidly, these security issues are becoming ever more prominent.

Various efforts have been made to promote the compliance development of financial apps

At present, the telecommunications and internet industries have not issued specific guidance documents on the protection of personal information by financial service apps. The existing standards and norms fall short of the business development and security compliance needs of financial service apps, and there are no uniform norms for the collection, use and processing of personal information in the operation and use of financial service apps. Against this background, the Chongqing Supervision Bureau of the State Administration of Financial Supervision and Administration, the Chongqing Local Financial Administration and the Chongqing Municipal Communications Administration recently jointly issued the Notice on Promoting the Improvement of the Compliance Operation Capacity of Personal Information Protection of Financial Service Apps (hereinafter the "Notice"), establishing a joint supervision mechanism. Based on current laws and regulations and combined with the characteristics of the financial industry, they have compiled the Chongqing Financial Services Mobile Internet Application Personal Information Protection Compliance Guide (V1.0) to provide compliance guidance to local financial organizations and relevant app operators.

The Notice further consolidates the primary responsibility of banking and insurance institutions, local financial organizations and relevant app operators for personal information protection. It targets the four major categories of financial service apps classified in the Provisions on the Scope of Necessary Personal Information for Common Types of Mobile Internet Applications: online lending, investment and wealth management, mobile banking, and online payment. It covers part-time financial management, securities trading, credit cards, insurance, business inquiries, consumer finance, financial information, commodity investment, foreign exchange inquiries, investment and wealth management, and lottery services, and sets out specific references and practical guidelines across nine major aspects of personal information protection work for financial service apps. It clarifies the specifications and processes institutions must follow in collecting, storing, using and processing personal financial information, promotes the formation of long-term mechanisms for personal information protection in the financial industry within the jurisdiction, and aims to continuously improve the compliance operation capacity and management level of financial service apps. At the same time, the Notice stipulates that the three departments shall establish a joint supervision mechanism, carry out special inspections in a timely manner, and, each within its own authority, carry out coordinated governance and joint supervision of the illegal collection and use of personal information by financial service apps, so as to form a combined regulatory force and rectify outstanding problems such as the illegal collection, use and leakage of personal information by financial service apps.

The Chongqing Supervision Bureau of the State Administration of Financial Supervision and Administration said that, as a next step, it will work with relevant departments to continue focusing on key personal information protection issues, step up the investigation and rectification of institutional violations, and promote continuous improvement in the industry's level of personal information protection and governance.

The National Internet Finance Association of China also stated that it will continue its self-regulatory filing management of financial apps: first, explore bringing apps involved in financial activities into the scope of self-regulatory filing management to achieve full coverage of market governance, while further optimizing the filing assessment method to reduce practitioners' compliance costs; second, appropriately extend filing management from technical security review into the compliance of some of the apps' business content, and further strengthen self-regulatory inspection; third, explore the establishment of a self-regulatory coordination mechanism covering the development, operation and distribution of financial apps; fourth, organize data reporting related to financial apps and regularly publish app market monitoring reports; and fifth, improve the mobile financial trusted public service platform to provide functions such as financial app product queries and comprehensive information disclosure, promoting the safe, compliant and sustainable development of financial apps. (Reporter Zhang Xiaojie reports from Beijing)

Source: Economic Information Daily
