The Road to App Compliance (translation)

Recently, news that major apps infringe on user privacy, such as "Pinduoduo remotely deleted photos from users' albums" and "Tencent QQ reads browser history", has kept appearing on the trending-search lists. Users are paying more and more attention to privacy, and the era in which, as one Internet tycoon put it, "Chinese people are willing to trade privacy for convenience" is over. In this environment, what should we as IT practitioners pay attention to?

First, the current state of app compliance: the Guangdong Provincial Communications Administration recently ordered more than 200 apps to rectify or shut down for issues such as "compulsory, frequent and excessive permission requests" and "the privacy policy does not state the purpose, method and scope of personal information collection". Where do these requirements come from? Here is a brief account of the road to app compliance.

In March 2019, the App Special Governance Working Group published the "Guidelines for Self-Assessment of Illegal Collection and Use of Personal Information by Apps", and the related documents have been updated and iterated continuously since then. On March 7, 2020, the national standard GB/T 35273-2020 "Information Security Technology - Personal Information Security Specification" was officially released. The 2020 edition adds requirements on "independent choice of multiple business functions", "restrictions on the use of user profiling", "use of personalised display", "aggregation and integration of personal information collected for different business purposes", "third-party access management" and so on, and took effect on October 1, 2020. A series of "Network Security Standard Practice Guides" followed, including the "Self-Assessment Guide for Collection and Use of Personal Information by Mobile Internet Applications (Apps)", the "Security Guide for Use of Software Development Kits (SDKs) by Mobile Internet Applications (Apps)", the "Guide to System Permission Requests by Mobile Internet Applications (Apps)" and the "Frequently Asked Questions and Handling Guide for Personal Information Protection in Mobile Internet Applications (Apps)". So what pitfalls did I hit on the road to compliance?

1. Self-assessment of collection and use of personal information

1. When the user opens the app for the first time or registers for the first time, they must be conspicuously prompted to read the privacy policy

Pitfalls:
(1) The privacy policy link is usually placed at the bottom of the login/registration page. On Android, entering that page focuses the input box by default, and the soft keyboard pops up and covers the privacy policy link.
[screenshot]

Suggestion: Show a pop-up window that prompts the user to read the privacy policy, so that it is conspicuous, and make sure the path to reach it is no more than 4 layers deep.

(2) Pitfall: on first launch there is no entry point for viewing the privacy policy.
[screenshot]

Suggestion: Provide an entry point for viewing the privacy policy the first time the user opens the app.

2. Consent must be confirmed by the user
Pitfall: the app pre-checks the "I agree to the privacy policy" box by default.
Suggestion: When the user opens the app or registers for the first time, the privacy policy box must be unchecked; the user has to check it and agree manually.

3. Openness: the privacy policy must describe the handling of personal information comprehensively and be easy to read

Pitfall: the privacy policy is updated, but its "last updated" date and effective date are not.
Suggestion: Whenever the privacy policy is updated, update its update date and effective date at the same time.
[screenshot]

4. The app uses third-party SDKs (requests that go to domains other than your own) or embeds third-party pages, but the privacy policy does not list them in full

Suggestion: Explain completely and clearly the purpose, method and scope of collecting and using personal information, distinguishing the personal information collected by each business function, and avoid incomplete enumerations such as "etc." or "for example". The information for every third-party SDK must also be attached, with a link to that SDK's own privacy policy.
[screenshot]

5. The operator's contact information in the privacy policy must actually work.
Suggestion: Make sure the number listed is the current customer service number and that calls are answered promptly.

6. The privacy policy must describe the measures and capabilities in place to protect personal information.
Suggestion: Describe the technical and organisational controls, such as data encryption, access-rights management and so on.

7. The app has business functions that use children's personal information

Suggestion: Formulate rules for protecting children's personal information and state them clearly in the privacy policy (online education and school apps, which are currently very popular, need particular attention).

8. The privacy policy must be easy to read
Suggestions:
1. The text colour must not be too close to the background colour;
2. Avoid overly technical terms, which raise the cost of understanding for users;
3. Do not pack the text too densely; key content can be bolded or otherwise highlighted for users.

9. The app has a social system, such as WeChat's friend search and Moments, and Moments contains private personal information such as photos and videos
Suggestions:
1. Give users the option to close Moments or make it visible only to themselves;
2. Give users the option of not being searchable by others.
[screenshot]

10. Pitfall: the user's private information is displayed publicly.
Suggestion: For example, the user's mobile phone number or ID card number must not be used as a nickname that other users can see.
(Lottery and promotional activities that scroll winners' information in a carousel need particular care: mask part of the data with ** .)
[screenshot]

11. Pitfall: the user's mobile phone number or other private data is transmitted in plain text.
Suggestion: Private data such as mobile phone numbers and ID card numbers must not be concatenated directly into a GET request and sent in plain text. Even over HTTPS, values in the query string end up in server, proxy and CDN access logs, browser history and Referer headers, so carry them in the body of a POST over TLS (or replace them with a server-side token) rather than in the URL.

For more detailed explanations of the laws and regulations, see the Network Security Standard Practice Guides.
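As an added example (not code from the original post), the following Python implements the two checks behind items 10 and 11: a masking function for mobile numbers and ID card numbers before they are shown to other users, and a scanner that flags phone or ID numbers carried in the query string of requests in an access log. The regular expressions, the sample log lines and the function names are constructed for this example and are assumptions, not the author's. The scanner goes slightly beyond item 11 by checking the query string of every method, not only GET, because a query string reaches the logs whichever method carries it.

```python
"""Masking for public display (item 10) and a plaintext-PII scan over
access-log query strings (item 11). Added example; the regular expressions,
sample log lines and function names are assumptions of this example, not
the original author's code.
"""
import re
from urllib.parse import parse_qsl, urlsplit

# Mainland China mobile numbers: 11 digits, leading 1, second digit 3-9.
MOBILE_RE = re.compile(r"^1[3-9]\d{9}$")
# Second-generation resident ID numbers: 17 digits plus a check digit 0-9 or X.
ID_CARD_RE = re.compile(r"^\d{17}[\dXx]$")


def mask_for_display(value: str) -> str:
    """Return a copy of value that is safe to show to other users.

    Mobile numbers keep the first 3 and last 4 digits; ID numbers keep the
    6-digit region prefix and the last 4 characters, hiding the birth date.
    Values that are neither are returned unchanged.
    """
    if MOBILE_RE.match(value):
        return value[:3] + "*" * 4 + value[-4:]
    if ID_CARD_RE.match(value):
        return value[:6] + "*" * 8 + value[-4:]
    return value


# Nginx-style access-log lines, constructed for this example.
SAMPLE_LOG = """\
10.0.0.5 - - [12/Aug/2023:10:01:02 +0800] "GET /api/user/profile?phone=13812345678&t=1 HTTP/1.1" 200 512
10.0.0.6 - - [12/Aug/2023:10:01:05 +0800] "GET /api/cert/verify?idno=11010119900307123X HTTP/1.1" 200 88
10.0.0.7 - - [12/Aug/2023:10:01:09 +0800] "GET /api/order/list?page=2&size=20 HTTP/1.1" 200 2048
10.0.0.8 - - [12/Aug/2023:10:01:11 +0800] "POST /api/user/profile HTTP/1.1" 200 512
"""

# Extracts the method and request target from the quoted request line.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def find_plaintext_pii_in_query(log_text: str) -> list[tuple[str, str, str]]:
    """Return (method, path, 'param=masked value') for every request whose
    query string carries a mobile or ID card number in plain text.

    The query string is checked for every method, not just GET, because it
    lands in server, proxy and CDN logs regardless of the method.
    """
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        parts = urlsplit(match.group("target"))
        for key, val in parse_qsl(parts.query, keep_blank_values=True):
            if MOBILE_RE.match(val) or ID_CARD_RE.match(val):
                findings.append((match.group("method"), parts.path,
                                 f"{key}={mask_for_display(val)}"))
    return findings


if __name__ == "__main__":
    for finding in find_plaintext_pii_in_query(SAMPLE_LOG):
        print(*finding)
```

Run with python3 and it reports the two requests that leak a phone number and an ID number; the profile request sent as a POST is not flagged. Moving the values into a POST body keeps them out of the URL and the logs, but they are still plain text to any intermediary unless the connection uses TLS.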

2. Permission requests
1. Pitfall: the app is a casual single-player game, yet it asks the user for phone-call and contacts permissions.
[screenshot]

Suggestion: If the app's functions work normally without permissions such as phone calling, do not request them. Follow the principle of minimum necessity.

2. Pitfall: the app is a camera app, and on first launch it requests storage and location permissions (the user does not need these permissions for the first launch; the app opens normally without them. The screenshot below shows a game requesting storage permission on first launch.)

Suggestion: Do not request a permission before the user has used the function that needs it. Request storage permission when the user taps to save a photo, and tell the user the purpose of the request, for example saving the photo to the album. Follow the principle of dynamic (on-demand) requests and the principle of keeping users informed.

3. Pitfall: tapping function A pops up requests for notification, phone, contacts and other permissions all at once.
[screenshot]

Suggestion: Request each permission separately at the time it is needed; do not request several permissions in one go. Follow the principle of no coercion and no bundling.

4. Pitfall: permissions are requested too frequently. After the user denies permission A, the app asks for it again every time the app is opened or a page is navigated to, even though the user did not trigger the function that needs it.
Suggestion: Do not re-request a denied permission on your own initiative within 48 hours; only a user action should bring the pop-up back. For example, in a camera app, after the user denies storage permission the first time, the storage permission pop-up appears again only when the user taps to save a picture.
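Items 2 to 4 amount to a small decision rule that is easy to get wrong when it is scattered across activities. As an added example (not the author's code), the following Python keeps that rule in one testable class; the Android layer would call may_request() immediately before requestPermissions() and pass the dialog's outcome back through record_result(). The PermissionGate class, the trigger names and the JSON state file are assumptions of this example.

```python
"""Decision logic for when a permission dialog may be shown, covering
items 2 to 4 above (request on demand, one permission at a time, no
app-initiated re-request within 48 hours of a denial). Added example; the
PermissionGate class, the trigger names and the JSON state file are
assumptions of this example, not the original author's code.
"""
import json
import time
from pathlib import Path

REASK_BACKOFF_SECONDS = 48 * 3600

# Why a request is being considered. Only USER_ACTION is something the user
# did deliberately; the other two are the app taking the initiative.
USER_ACTION = "user_action"          # the user tapped "save photo", "call", ...
FEATURE_CONTEXT = "feature_context"  # the user opened the screen of the feature
UNRELATED = "unrelated"              # app launch, page navigation, timers

TRIGGERS = (USER_ACTION, FEATURE_CONTEXT, UNRELATED)


class PermissionGate:
    def __init__(self, state_path=None, now=time.time):
        """state_path persists denial times across launches and app updates;
        None keeps them in memory only (convenient for tests)."""
        self.state_path = Path(state_path) if state_path else None
        self.now = now
        self.last_denied = {}  # permission name -> epoch seconds of last denial
        if self.state_path and self.state_path.exists():
            self.last_denied = json.loads(self.state_path.read_text())

    def _save(self):
        if self.state_path:
            self.state_path.write_text(json.dumps(self.last_denied))

    def record_result(self, permission, granted):
        """Feed back the outcome of the system dialog."""
        if granted:
            self.last_denied.pop(permission, None)
        else:
            self.last_denied[permission] = self.now()
        self._save()

    def may_request(self, permission, trigger):
        """True if the system dialog for exactly one permission may be shown now."""
        if not isinstance(permission, str):
            # Item 3: permissions are requested one at a time, never as a bundle.
            raise TypeError("request one permission per dialog")
        if trigger not in TRIGGERS:
            raise ValueError(f"unknown trigger {trigger!r}")
        if trigger == UNRELATED:
            # Item 2: never request a permission the user is not about to use.
            return False
        if trigger == USER_ACTION:
            # Item 4: a deliberate user action may always bring the dialog back.
            return True
        denied_at = self.last_denied.get(permission)
        if denied_at is None:
            return True
        # Item 4: app-initiated re-requests wait at least 48 h after a denial.
        return self.now() - denied_at >= REASK_BACKOFF_SECONDS
```

One platform caveat: on Android 11 and later the system stops showing the dialog after the user has denied a permission twice, and requestPermissions() then returns "denied" immediately. When may_request() returns True in that state, the right response is an in-app explanation with a link to the app's settings page, not another silent call.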

5. Pitfall: the user denied storage permission in the old version, and after the app is updated the storage permission is enabled automatically.
Suggestion: Updating the app must not change the user's permission settings.

6. Pitfall: the Android app's target API level is lower than 23.
Suggestion: Set the target API level to 28 or higher. Below API 23 every permission is granted at install time and the system never shows the runtime permission dialog, so the user cannot decline individual permissions and the on-demand requests described above cannot be implemented at all; from API 23 onwards dangerous permissions are requested at runtime.
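Items 1 and 6 can both be caught before a build ships by reading the merged AndroidManifest.xml. The following Python is an added example, not the author's tooling: it checks the target API level against the thresholds above and lists every dangerous (runtime-prompted) permission that no business function justifies. The sample manifest, the justification table and the function names are assumptions of this example; the permission names and the API-level behaviour are Android's own. If your build sets targetSdkVersion only in build.gradle, the merged manifest produced by the Android Gradle build is the one to feed in, not the source manifest.

```python
"""Static manifest audit for items 1 (minimum necessity) and 6 (target API
level). Added example; the sample manifest, REQUIRED-permission table and
function names are assumptions of this example, not the author's code.
"""
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"
MIN_TARGET_SDK = 28   # the post's recommendation; 23 is where runtime prompts begin

# Subset of Android's dangerous (runtime-prompted) permissions that the
# Chinese guidelines single out most often.
DANGEROUS = {
    "android.permission.READ_CONTACTS", "android.permission.WRITE_CONTACTS",
    "android.permission.CALL_PHONE", "android.permission.READ_CALL_LOG",
    "android.permission.READ_PHONE_STATE", "android.permission.READ_SMS",
    "android.permission.SEND_SMS", "android.permission.CAMERA",
    "android.permission.RECORD_AUDIO", "android.permission.ACCESS_FINE_LOCATION",
    "android.permission.ACCESS_COARSE_LOCATION",
    "android.permission.READ_EXTERNAL_STORAGE",
    "android.permission.WRITE_EXTERNAL_STORAGE",
}

# Constructed manifest for a single-player game: the item 1 pitfall plus a
# target API level below 23.
SAMPLE_MANIFEST = """<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="com.example.casualgame">
    <uses-sdk android:minSdkVersion="19" android:targetSdkVersion="22" />
    <uses-permission android:name="android.permission.INTERNET" />
    <uses-permission android:name="android.permission.WRITE_EXTERNAL_STORAGE" />
    <uses-permission android:name="android.permission.CALL_PHONE" />
    <uses-permission android:name="android.permission.READ_CONTACTS" />
    <application android:label="Casual Game" />
</manifest>
"""


def audit_manifest(manifest_xml, justified):
    """Return a list of finding strings for the manifest.

    justified maps a permission name to the business function that needs
    it; any dangerous permission absent from that map violates the
    minimum-necessity principle.
    """
    root = ET.fromstring(manifest_xml)
    name_attr = f"{{{ANDROID_NS}}}name"
    findings = []

    target = None
    uses_sdk = root.find("uses-sdk")
    if uses_sdk is not None:
        target = uses_sdk.get(f"{{{ANDROID_NS}}}targetSdkVersion")
    if target is None:
        findings.append("targetSdkVersion not declared in this manifest; "
                        "check the merged manifest or build.gradle")
    elif int(target) < 23:
        findings.append(f"targetSdkVersion {target} < 23: permissions are granted "
                        "at install time, no runtime prompts are possible")
    elif int(target) < MIN_TARGET_SDK:
        findings.append(f"targetSdkVersion {target} < {MIN_TARGET_SDK}: raise it")

    for element in root.findall("uses-permission"):
        perm = element.get(name_attr)
        if perm in DANGEROUS and perm not in justified:
            findings.append(f"{perm} requested but no business function "
                            "justifies it (minimum necessity)")
    return findings


if __name__ == "__main__":
    # Only the screenshot feature is on the product's list of needs.
    for finding in audit_manifest(
            SAMPLE_MANIFEST,
            {"android.permission.WRITE_EXTERNAL_STORAGE": "save screenshots"}):
        print(finding)
```

For the sample game this prints three findings: the target level of 22, and the unjustified CALL_PHONE and READ_CONTACTS permissions. Storage is accepted because the product lists a function that needs it; whether that permission is then requested at the right moment is a runtime question the manifest cannot answer.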

3. Functions the app must provide

1. Account deletion
Suggestion: Provide users with a way to delete their account, whether handled manually or by a system function. If it is handled manually, all of the user's information must be deleted within the stated time limit (for example, 15 days), and the deletion must actually complete within that limit.

2. Do not set unnecessary or unreasonable conditions on modifying or deleting the account.
Pitfall: when the user requests deletion, they are told the account can only be deleted 30 days after registration.
Suggestion: Do not impose a minimum registration period; it is unreasonable and has no bearing on the deletion process.

Pitfall: when the user deletes their account in app A, they are told that their accounts in apps B, C and D will be deleted as well.
Suggestion: Accounts must not be bundled; the accounts of different apps should be independent of one another.

Pitfall: registration currently requires only a mobile phone number and a verification code, but when the user asks to change the phone number they are told to provide an ID card.
Suggestion: When a user modifies their personal information, do not collect more personal information than was collected at registration.

3. Users can turn off personalised display
Suggestions:
1. Do not force users to agree to the collection of personal information solely for the purpose of targeted push messages;
2. Provide users with a switch to turn off personalised display.

4. Payment functions
Suggestion: Provide the relevant payment agreement for users to review (for example, video apps and other services where paying unlocks more features all show a service agreement).

The above are the pitfalls I have hit on the road to compliance, together with some suggestions and ideas of my own. Put simply, you can think of compliance as borrowing money from users. Borrowing requires an IOU that both parties agree to. The IOU must state why you are borrowing and what the money will be used for (nothing illegal), when it will be repaid, and what guarantee there is of repayment. Normally you only borrow when you really need to, rather than borrowing from users even when you are not short of money, which would be hooliganism. With this mindset, compliance becomes easy to understand.
Stay compliant with laws and regulations and the app can go further and further!

Appendix:

PS: The screenshots above are all from old versions of the apps.

Source: blog.csdn.net/Arvin_FH/article/details/132230213