A new round of APP governance has launched, and these issues are drawing attention!

Issues such as the illegal collection of personal information by SDKs and the irregular collection of face information have become the focus

  On July 25, the Central Cyberspace Administration of China, the Ministry of Industry and Information Technology, the Ministry of Public Security, and the State Administration for Market Regulation held a meeting to launch the 2020 governance work on the illegal collection and use of personal information by APPs. The focus of this governance work includes the illegal collection of personal information by SDKs and the irregular collection of facial information.

  It is understood that the four departments set up a special APP governance working group last year to carry out in-depth assessment and problem verification for more than 2,300 APPs. Punishment measures such as public exposure, interviews, and removal were taken against 260 APPs with large user bases and outstanding problems, but the problem of illegal collection and use of personal information has not been fundamentally resolved.

  The relevant person in charge of the Central Cyberspace Affairs Office stated that the governance work in 2020 will build on last year's work, further intensify rectification, highlight problem orientation, strengthen support from standards and norms, and strengthen accountability. The APP special governance working group will focus on in-depth evaluation of APPs, SDKs, applets, etc., and conduct special research and in-depth inspections on issues such as irregular collection and use of biometric information.

In-depth evaluation of SDK, etc.

  This year's March 15 party exposed the "thief" plug-in in mobile phones: the SDK. An SDK is a plug-in that provides a certain function or service in mobile phone software.

  According to CCTV reports, in addition to collecting user mobile phone numbers and device information, third-party SDKs also collect private information such as the user's mobile phone address book, SMS information, and sensor information. After collection, the information is also sent to a designated server for storage. Some SDKs will even collect and upload the content of the SMS messages in the user's mobile phone, and SMS messages containing verification codes will also be collected and uploaded.

  In July last year, the "Commonly Used Third-Party SDK Collection and Use Personal Information Evaluation Report" jointly issued by the Narada Personal Information Protection Research Center and the China Financial Certification Center showed that, after evaluating 60 commonly used apps and mainstream SDKs, it was found that some SDKs will record the environment or calls, and obtain the user's geographic location, without telling the user; and that an SDK can collect personal information beyond the scope of its declared authority through code.

  In response to this, the four departments will formulate and release key points for the personal information security assessment of SDKs and mobile operating systems this year, continue to accept and process the public's tip-offs and complaints about illegal collection and use of personal information, and carry out in-depth evaluation of APPs, SDKs, applets, etc. that have large user bases and concentrated complaints.

Special research on irregular collection of face information

  In recent years, face recognition technology has been widely used. Especially during the epidemic prevention and control period, some communities have introduced the "face recognition access control system", which not only ensures the safety and accuracy of information, but also greatly saves the cost of community and property personnel, and ensures the efficiency of personnel entering and exiting. However, this move also brings the risk of "face" information leakage.

  Recently, there have been media reports that some cyber criminals use e-commerce platforms to resell illegally obtained identity information such as faces, along with online tools and tutorials for "photo activation". The price is 0.5 yuan for face data and 35 yuan for a set of modification software.

  Li Bin, a lawyer on the China Consumers Association's team of lawyers, told reporters that facial information is undoubtedly more sensitive than personal information such as names, phone numbers, and consumption records, and the consequences of its leakage are much more serious.

  It is reported that in the new round of APP governance work, special research and in-depth inspections will be carried out on key issues that have drawn strong public concern: irregular collection and use of facial features (face) and other biometric information, APPs self-starting in the background, associated start-up, calling permissions without authorization to upload personal information, and abuse of sensitive permissions such as recording and photographing.

Increase exposure and punishment

  APPs frequently collect personal information in violation of laws and regulations because the cost of breaking the law is low. To this end, the new round of APP governance will increase penalties and form an effective deterrent to violations of laws and regulations.

  It is understood that this year the detection, exposure and punishment of illegal collection and use of personal information will be increased. According to the circumstances and the severity of the consequences, punishments such as interviews, warnings, removals, and fines will be imposed in accordance with laws and regulations.

  During the interview, the reporter found that since last year, relevant state departments have been increasing their exposure of the illegal collection of personal information by APPs. On July 24, the Ministry of Industry and Information Technology also notified the third batch of apps that infringe on user rights in 2020. A total of 58 apps are listed, including Xunlei Live, Gengmei, Duoxian, Fangduuo, Jiayuan, and others.

  Exposure is only one aspect. The four departments will formulate and issue guidelines for app store review and management of the collection and use of personal information by APPs, guiding and urging app stores to effectively conduct security reviews before APPs go online and to strictly control entry points.

  In addition, this year the four departments will also promote APP personal information security certification work, carry out the issuance of certification certificates and logos in an orderly manner, and establish a continuous and dynamic certification tracking mechanism; strengthen personal information security assessment training and promote the standardization of personal information security assessment work; and release free technical tools to guide small and medium-sized enterprises in conducting self-assessment of their personal information collection and use activities, enhancing the legal compliance of those activities.

  Yang Zhaokui