The first batch of 18 apps received safety certification

  Safety certification does not equal a "death-free gold medal"

  □ Our reporter Han Dandong

  □ Su Xinyu, an intern from our newspaper

  Recently, 18 apps (mobile Internet applications) from 10 companies including Cloud QuickPass, Suning.com, China Mobile, and Baidu Maps were awarded security certifications, marking the official launch of China's App security certification.

  In March 2019, the State Administration for Market Regulation and the Central Cyberspace Administration of China jointly issued the "Announcement on Carrying out App Security Certification Work", which specified that the certification body is the China Cybersecurity Review Technology and Certification Center.

  As of June this year, the review and certification center, acting in accordance with the announcement, had selected 28 apps from applicant companies for certification pilot work.

Among them, 18 apps passed the technical verification and on-site audit during the certification process, and passed the certification decision. The specific list is: Cloud QuickPass (Android, iOS), Suning.com (Android, iOS), China Mobile (Android, iOS), Baidu Maps (Android, iOS), Tongcheng Travel (Android, iOS), Elong Travel (Android, iOS), Wheels (Android, iOS), Tiger Games (Android, iOS), Yiqi Mountain (Android), CTID (Android).

  It is reported that the certification process mainly includes certification application and acceptance, technical verification, on-site audit, certification decision, and post-certification supervision.

The acceptance telephone number is published on the website of the review and certification center, which uniformly accepts certification applications from customers, and the technical verification is performed by the contracted laboratory designated by the review and certification center.

App operators who violate relevant laws and regulations are not allowed to apply for certification.

If a certified App operator has deceived, concealed, or violated promises during the certification process, the certification body will revoke the certification.

  Wei Hao, director of the China Cybersecurity Review Technology and Certification Center, said that App security certification work is mainly intended to establish and improve an authoritative and credible App security certification system, use market selection mechanisms to guide App operators to regulate their personal information collection, use, and transfer behaviors, provide basic technical support for comprehensive management of data security, and standardize market order.

At the same time, it is intended to bring into play the positive role of App security certification as a normalized mechanism in App governance, reducing repeated testing and evaluation by management departments of various industries, and reducing the burden on enterprises.

  Wei Hao said that in response to the high frequency of app version iterations, the review and certification center has established a continuous supervision work mechanism, and the relevant platforms have been put into operation to achieve automatic and intelligent monitoring of the continuous compliance of certified apps, and to make full use of the Internet to bring into play the role of netizens' supervision, complaints, and reports.

Excessive permission requests by apps

  Safety certification standardizes order

  In recent years, apps have been widely used in shopping, entertainment, and business management, and they have played an irreplaceable role in promoting social and economic development and serving people's livelihood.

However, while consumers are using them, apps sometimes ask for permissions to use personal information.

At the same time, App operating companies misuse the collected personal information for commercial promotion, advertising push, and big data "killing" without the consent of consumers, which consumers find unbearable.

Worse still, this information may be used by criminals for Internet fraud, seriously threatening the legitimate rights and interests of the people.

  Relevant data shows that the Ministry of Industry and Information Technology patrolled more than 48,000 apps in 2020 and inspected more than 200 apps.

Since the beginning of this year, the Ministry of Public Security, relying on Internet users' reports and inspections, has found more than 7,000 apps that violated laws and regulations and dealt with them in accordance with the law.

  According to Zheng Ning, director of the Law Department of the School of Cultural Industry Management of Communication University of China, the establishment and implementation of the App security certification system aims to help government departments make full use of the leading role of the market selection mechanism, create a good environment for App consumption and establish a standardized App industry ecology for collecting and using personal information.

  According to Zheng Ning's analysis, the main functions of the App security certification system include the following three points: First, App security certification is carried out by a qualified certification body, and products that have been evaluated and qualified can meet the various requirements of relevant national standards for the collection, storage, transmission, processing, use, and other handling of personal information by Apps, and can fully protect the personal information security of consumers; second, by establishing systems and accepting inspections during the certification implementation process, App operators can further regulate their own App development and promotion behaviors, which helps to improve their personal information protection awareness and ability; third, the two departments also encourage search engines and app stores to recommend certified apps first, which meets the urgent need of the majority of netizens, when facing apps of mixed quality, for an authoritative third-party organization to evaluate and attest to the level of personal information security protection of apps, and will guide consumers to choose safe and certified App products.

  Han Yingwei, senior partner of Beijing Yingke Law Firm, believes that the award of security certifications to 18 apps of 10 companies is of great significance for establishing a credible App security certification system, regulating the collection and use of personal information by App operators, protecting user information security, and maintaining an orderly market.

Safety certification becomes a trend

  Protection awareness cannot be reduced

  However, Zheng Ning reminded: "Although 18 apps have obtained security certification, this does not mean that apps will have to pass security certification before they can go online."

  He further analyzed that according to the "Mobile Internet Application (App) Security Certification Implementation Rules", certification needs to follow the principle of voluntary application by App operators, so failure to pass security certification does not prevent an App from going online.

However, for App operators, applying for security certification can demonstrate to the public their determination to protect personal information and data. In the certification process, by adopting appropriate technical and organizational measures to improve data compliance capabilities, they can form a competitive advantage and win recognition and trust from more users.

Moreover, the state encourages search engines and application stores to preferentially recommend certified apps and guide consumers to choose safe App products. It is believed that in the future, security certification will become a program that App operators actively choose.

  Han Yingwei also believes that certified apps can use certification marks in the application market and search engines to convey safety trust to consumers and users, and guide netizens to prefer apps that have been certified for safety when downloading similar apps.

  So, can users download and use the app after security certification?

  Han Yingwei said that if an App obtains safety certification, it means that it currently meets the relevant market regulatory requirements, and for users it is a more reassuring and reliable choice, both in use and psychologically.

However, joining the ranks of safety-certified Apps does not mean that an App has a "death-free gold medal". That depends on the continuous and effective supervision of relevant departments.

Users still need to make a comprehensive judgment based on the App's evaluations and its operator.

  Zheng Ning also believes that the safety certification of the App can only mean that it meets the national standards at the time of certification, and does not mean that it will remain in compliance afterwards. This is the reason for the continuous supervision of the administrative supervision department.

In other words, the app’s safety certification is not the end point, but a new starting point for companies to continue to implement relevant regulations and standards.

Even App operators that have obtained safety certification should insist on self-evaluation and internal audit of their own business after obtaining the certification, and cooperate with the supervision of the certification body.

Therefore, users can only use security certification as a preliminary signal of App compliance, and cannot reduce their awareness of personal information protection, but should continue to monitor whether operators are compliant during the use of the App.

  If apps that have obtained security certification have irregularities in the collection, use, and transfer of personal information, will they face heavier penalties?

  In Zheng Ning's analysis, under the "Mobile Internet Application (App) Security Certification Implementation Rules", after the App is certified, if non-compliance is found in the supervision, the certification body should require the certified App operator to make rectification within a time limit, and verify the rectification results. If the rectification is not completed within the prescribed time limit or the rectification result fails to pass the verification, the certification shall be suspended, revoked or cancelled.

Therefore, non-compliance after obtaining the certificate will only lead to the consequences of the certificate being revoked, and the punishment cannot be increased. Violations should still be punished in accordance with relevant laws and regulations.

  Han Yingwei believes that although there are no specific regulations at present, according to the original intention of the legislation, the irregularities in the collection, use, and transfer of personal information after obtaining security certification can be regarded as aggravating circumstances.

If a safety-certified app has irregular operations, it still has to bear the responsibility, and it may even be subject to stricter supervision or punishment.

The review and certification center has established a continuous supervision work mechanism, which can realize intelligent monitoring of certified apps.

Once violations occur, they will face penalties and disqualification from the list, which strengthens the authority and rigor of the safety certification list.

Strictly prevent illegal safety certification

  Establish a compliance industry ecosystem

  In Zheng Ning's view, the development of security certification will make App operators pay more attention to the protection of users' personal privacy, and will serve as a good role model and foster a compliance atmosphere in the industry.

However, for App security certification to give full play to its effectiveness, it also needs, just like traditional certification projects, the support and effort of all relevant parties to jointly create a fair, just, orderly, and healthy market environment.

  Zheng Ning suggested: For administrative supervision departments, market supervision departments should strictly investigate App products and their operators that forge or use certification certificates and certification marks, and further strengthen the guidance and supervision of App safety certification work; national ministries and commissions such as the Ministry of Network Information and the Ministry of Industry and Information Technology should strengthen the acceptance and application of certification results. App operators need to actively promote awareness of consumer personal information protection, actively apply for certification, cooperate with certification agencies in the implementation and continuous supervision of certification, apply certification certificates and certification marks within the specified scope as required, and consciously accept the management of regulatory authorities. Ordinary consumers, when choosing an App, should focus on choosing certified products that can meet the requirements for use; at the same time, they should report to the regulatory authorities and certification bodies in a timely manner any problems and clues to violations of laws and regulations found in the process of using Apps, especially certified Apps.

  "Only by passing the safety certification list with entry and exit, forming a management mechanism for survival of the fittest, and strengthening the authority and fairness of the safety certification list, can we better escort personal information and data security." Zheng Ning said.

  It is worth noting that Han Yingwei reminded that security certification certificates have begun to be issued, marking that App security certification has entered a full implementation stage, which has attracted widespread attention from App users, but at the same time, there may be cases where some criminals take advantage of it and obtain safety certification in an illegal manner.