Disclose SDK data collection practices in your privacy policy, configure system and optional permissions appropriately, and initialize the SDK after user consent to comply with personal information protection regulations.
Disclose SDK Usage in the Privacy Policy
App operators must inform end users about how the SDK processes personal information, including the SDK name, business functions, processing purpose, types of personal information collected, and a link to the privacy policy.
Describe the use of the Device Fraud Detection SDK separately in your app's Privacy Policy, and disclose the following information in the Third-Party Sharing List:
SDK name: Device Fraud Detection SDK
Business functions: Detect abnormal devices and identify cheating and fraud risks
Types of personal information collected: Specify based on the actual data items collected
Permissions used: Specify based on the actual permission configuration
Privacy policy link: https://terms.aliyun.com/legal-agreement/terms/suit_bu1_ali_cloud/suit_bu1_ali_cloud202111120818_92724.html
SDK system permissions
The Device Fraud Detection SDK requires the following system permissions. Required permissions must be granted for the SDK to function. Optional permissions enhance detection capabilities but are not required.
Android
Permission | Required | Purpose | When to request |
INTERNET | Yes | Obtain network access. The SDK is unavailable without this permission. | Before calling the data collection API |
ACCESS_NETWORK_STATE | No (Recommended) | Obtain device network status. | Before calling the data collection API |
READ_PHONE_STATE | No (Recommended) | Obtain device fingerprint-related ID fields. | Before calling the data collection API |
WRITE_EXTERNAL_STORAGE READ_EXTERNAL_STORAGE | No (Recommended) | Cache configuration files on the local disk. | Before calling the data collection API |
iOS
Permission | Required | Purpose | When to request |
NSLocalNetworkUsageDescription | No (Recommended) | Detect local area network connectivity to identify threats such as modem pools and device farms. | Before calling the data collection API |
NSUserTrackingUsageDescription | No | Obtain the identifier for advertisers (IDFA) to improve device ID stability. | Before calling the data collection API |
HarmonyOS
Permission | Required | Description |
ohos.permission.INTERNET | Yes | Network access. The SDK requires a network connection to function. |
ohos.permission.GET_NETWORK_INFO | Yes | Network status verification. The SDK uses network status to provide better service. |
ohos.permission.STORE_PERSISTENT_DATA | No (Recommended) | Allow the app to store persistent data. The SDK uses this permission to enhance device fingerprint stability. |
ohos.permission.DISTRIBUTED_DATASYNC | No (Recommended) | Multi-device collaboration. The SDK detects the status of multiple devices to enhance security. |
ohos.permission.APP_TRACKING_CONSENT | No (Recommended) | Obtain the advertising identifier. The SDK uses IDFA information to improve device ID stability. |
Configure optional personal information collection
The SDK collects certain personal information by default. Developers can control the collection scope through the DataType parameter in the data collection API, supporting single or multiple selection. Disabling data collection affects the corresponding detection capabilities. Configure appropriately based on your business needs.
Android configuration
Configure the DataType field of the option parameter in the data collection API. For single selection, use a single value such as NO_UNIQUE_DEVICE_DATA. For multiple selection, combine values with the | character, such as NO_UNIQUE_DEVICE_DATA|NO_IDENTIFY_DEVICE_DATA.
Personal information field | Description | DataType configuration field |
OAID, Google Advertising ID, Android_ID | Changeable unique device identifier | NO_UNIQUE_DEVICE_DATA |
IMEI, IMSI, SimSerial, BuildSerial (SN), MAC address | Unchangeable unique device identifier | NO_IDENTIFY_DEVICE_DATA |
Device name (Build.DEVICE), Android version (Build.VERSION.RELEASE), screen resolution | Basic device information | NO_BASIC_DEVICE_DATA |
Fraudulent app list, local area network IP, DNS IP, connected Wi-Fi information (SSID, BSSID), nearby Wi-Fi list, location information | Extended information | NO_EXTRA_DEVICE_DATA |
Code example:
// Add a privacy data collection switch. Do not collect NO_IDENTIFY_DEVICE_DATA type data. Use | to combine multiple values.
Map<String, String> options = new HashMap<>();
options.put("DataType", String.valueOf(NO_IDENTIFY_DEVICE_DATA));
// Collect data through the Device Fraud Detection SDK. Call the data collection API as early as possible within the risk scenario.
SecurityDevice.getInstance().initWithOptions(this, ALIYUN_APPKEY, options, null);iOS configuration
Personal information field | Description | Configuration method |
IDFA | Advertising identifier | Download the SDK version that collects or does not collect IDFA from the console. |
Initialize the SDK and call features
When the user first launches the app, initialize the SDK and call its APIs only after the user has agreed to the privacy policy and actively uses the SDK feature. Avoid collecting device information immediately after the user consents to the privacy policy. For configuration details, see the integration guide for your platform: select "Data Collection" in the Android integration guide, or "Collect Data Using the SDK" in the iOS integration guide.