In the Era of Big Data, Do You Really Understand the Privacy and Security of App Data

The Privacy and Security of App Data Introduction:

The Privacy and Security of App Data. Have you ever had such an experience: you chat with a friend and express that you want to buy a certain product recently when you open a shopping software the next day, the product pushed to you by the platform is exactly what you want to buy; or, you Have you ever received an unfamiliar call, and they accurately reported your name and age... In recent years, with the rapid development of information technology, the era of big data has arrived. While big data brings us information sharing and convenient life, there are also many data security problems such as personal privacy leakage.

The Privacy and Security of App Data. Have you ever had such an experience: you chat with a friend and express that you want to buy a certain product recently when you open a shopping software the next day, the product pushed to you by the platform is exactly what you want to buy; or, you Have you ever received an unfamiliar call, and they accurately reported your name and age...

The Privacy and Security of App Data. In recent years, with the rapid development of information technology, the era of big data has come. While big data brings us information sharing and convenient life, there are also many data security problems such as personal privacy leakage.

The Privacy and Security of App Data. The author found that many companies are currently relying on push and other data collection tools to accumulate user raw data, and monetize through upper-level data services. As a business model, it has introduced huge data privacy protection risks to the app business. For example, in the "Developer Agreement" provided by a push service, the service provider clearly requires the App developer to inform the App user in the "Privacy Policy" that the user of the App agrees to the SDK provider's collection and use of their personal information. Including
1. The Privacy and Security of App Data. Device information, device information includes device identifier (IMEI, IDFA, Android ID, MAC, OAID, IMSI, and other related information)
2. The Privacy and Security of App Data. Application information (application crash information, notification switch status, software list and other related information)
3. Device parameters and system information (device type, device model, operating system, and hardware-related information)
4. The Privacy and Security of App Data. Network information, network information includes: IP address, WiFi information, base station information and other related information.
5. The Privacy and Security of App Data. Geographical location information. These private data are the key protection objects of the new personal protection law, and the collection of relevant information introduces huge risks to individual privacy protection.

At the same time, some users have found that opening an APP during the use of the mobile APP can open several other APPs together. This automatic operation causes users to worry about the theft of information in their mobile phone. In fact, the reason is that In order to ensure that the app can continue to be used by users, it is necessary to “sense of presence” as much as possible, otherwise users will abandon it or even uninstall it over time. If the App developer chooses to use the joint wake-up mechanism or other similar mechanisms to "keep alive", this may cause a large number of service processes to be woken up and resident in the background, resulting in cross-awakening and associated startup between different applications. Phenomenon.

The Privacy and Security of App Data. Based on the analysis of the content of the above technical specifications, after the app is awakened by self-starting, associated startup, etc., if there is a behavior of collecting personal information through mechanisms such as permissions, and the specific purpose is not clearly indicated in the privacy policy and other rules, it collects personal information. The frequency of information is suspected of exceeding the actual needs of business functions.

In my country, Article 4, point 3 of the "Methods for Determining the Illegal and Illegal Collection and Use of Personal Information by Apps" points out that the frequency of collecting personal information exceeds the actual needs of business functions, and can be identified as "violating the principle of necessity, collecting and providing services. irrelevant personal information".

Citizens' personal information cannot be violated, and the country has been taking action to ensure that the APP does not "cross the border". Data shows that in recent years, the Ministry of Industry and Information Technology has continued to carry out APP infringement rectification activities, carried out six batches of centralized sampling inspections, inspected 760,000 APPs, notified 748 illegal APPs, and removed 245 APPs that refused to rectify. Click to view the article published by Southern Metropolis Daily on November 27, 2020 , pointing out that there are third-party components that illegally collect personal information in software such as Getui, Xiaomi SDK (software development kit), and the old version of the 360 reinforcement tool. question.

Compliance security of App business, Alibaba Cloud mobile R&D platform EMAS recently launched a special privacy compliance testing service. This service conducts compliance analysis on mobile app privacy security, personal data collection, and use in accordance with relevant national laws and regulations and industry norms . The service provides comprehensive privacy compliance testing reports and expert advice, from ensuring the consistency of formal compliance (privacy policy text compliance ) and substantive compliance (code level compliance ), from personal information collection, permission usage scenarios, privacy policy, and other dimensions to help enterprises and developers identify risks related to app privacy compliance in advance, and avoid major risks such as regulatory notification and application delisting.

Alibaba Cloud's mobile R&D platform EMAS attaches great importance to the protection of personal information and follows the principle of minimizing the acquisition of device permissions. It is forbidden to collect any device's private data for monetization of data services in other scenarios. For related privacy policies, click: EMAS Privacy Policy, this Privacy Policy is Applicable to EMAS full-platform products such as mobile push/HTTPDNS/mobile hotfix/remote log/crash analysis/performance analysis/mobile user feedback, we welcome developers who are interested in or have questions about app privacy compliance to join the EMAS developer community, discuss compliance topics together, and build a solid line of defense for privacy protection for users.

Related Articles

Explore More Special Offers

  1. Short Message Service(SMS) & Mail Service

    50,000 email package starts as low as USD 1.99, 120 short messages start at only USD 1.00