当前位置:网站首页>The information security and Standardization Commission issued the draft for comments on the management guide for app personal information processing activities
The information security and Standardization Commission issued the draft for comments on the management guide for app personal information processing activities
2022-07-29 01:45:00 【Super technology】
With the rapid development of mobile Internet , While mobile Internet applications bring convenience to people's lives , Dealing with people's personal information more and more , But there are also unreasonable collection of personal information 、 Problems in use , As the carrier of mobile Internet applications, mobile terminals , The collection and use of personal information can be managed to a certain extent through the corresponding mechanism of the mobile terminal and its operating system , Help mobile Internet applications reasonably collect and use personal information .
In recent days, , The National Information Security Standardization Technical Committee issued 《 Information security technology Mobile Internet application of mobile intelligent terminal (App) Personal information processing activity management guide ( Solicitation draft )》( hereinafter referred to as 《 Solicitation draft 》).
《 Solicitation draft 》 According to the life cycle nodes of mobile Internet applications on mobile intelligent terminals , Put forward personal information security management measures for mobile intelligent terminals , enhance App The degree of expressiveness of handling personal information , by App Users provide more personal information protection and control mechanisms , To strengthen the personal information security of mobile Internet applications running on the mobile terminal operating system .
《 Solicitation draft 》 For mobile intelligent terminals App Personal information security function design 、 Guidelines for managing personal information security risks , To enhance App The explicit degree of collecting personal information , And for App Users provide more control mechanisms for personal information protection , It is suitable for guiding mobile intelligent terminal providers to carry out system design 、 Development activities , It is mainly applicable to smart phones .
《 Solicitation draft 》 Pointed out that , Mobile intelligent terminal pair App The management of personal information processing activities should follow the following principles :
1、 Open and transparent : Record in a reasonable manner 、 Tips App Processing personal information , Make sure the user is right App Personal information processing behavior is perceptible ;
2、 Easy to manage : Provide users with App Personal information management portal , Ensure that users can easily allow or deny App Processing of personal information ;
3、 To ensure safety : Ensure that users install safely App, as well as App Handle personal information in a secure way ;
4、 Careful control : For personal information with high sensitivity on mobile intelligent terminals , Implement restriction processing 、 Measures such as fine-grained management ;
5、 Reasonable and moderate : Take reasonable measures to manage their personal information , Realize users' personal information control at the same time , Avoid disturbing users ( Such as pop-up prompt with too high frequency ), influence App Normal operation of .
《 Solicitation draft 》 Also pointed out ,App Installation risks should be managed , Users through the website 、 Download from App store and other mobile app distribution platforms 、 install App when , Mobile intelligent terminal should :
1、 In execution App Clearly prompt the user and obtain user authorization before installation ;
2、 Determine the installed App Is there a virus 、 Vulnerabilities and other security risks , For those who clearly have safety risks App Remind users of corresponding security risks , And provide the option to prevent the installation from continuing ;
3、 Judge App Whether there are possible safety risks , Prompt the user if there is a possible security risk , And provide other channels to download 、 install 、 Upgrade options ;
4、 Judge App Whether the declared permissions include sensitive system permissions , Users are not required to authorize the permissions of sensitive systems during the installation phase .
Full text link :
https://www.tc260.org.cn/file/2022-06-13/8413a52b-056a-41f1-af82-1f20ee90a9e1.pdf
Hi, I'm super technology
Super technology is an information security expert , Can defend without upper limit DDos Attack and CC attack , Alibaba cloud strategic partner !
边栏推荐
- CSDN modify column name
- A ten thousand word blog post takes you into the pit. Reptiles are a dead end [ten thousand word pictures]
- [hcip] two mGRE networks are interconnected through OSPF (ENSP)
- AlphaFold揭示了蛋白质结构宇宙-从近100万个结构扩展到超过2亿个结构
- Moonbeam上的多链用例解析——Derek在Polkadot Decoded 2022的演讲文字回顾
- Cross modal alignment 20220728
- 【golang】使用select {}
- Reinforcement learning (III): dqn, nature dqn, double dqn, with source code interpretation
- Reinforcement learning (I): Q-learning, with source code interpretation
- golang run时报undefined错误【已解决】
猜你喜欢
T-sne降维
After understanding the composition of the URL of the website, we use the URL module, querystring module and mime module to improve the static website
瑞吉外卖项目实战Day01
Sigma-DSP-OUTPUT
Platofarm community ecological gospel, users can get premium income with elephant swap
Six noteworthy cloud security trends in 2022
【golang】使用select {}
嵌入式分享合集23
Timer of BOM series
明日无限计划,2022某公司元宇宙产品发布会活动概念策划方案
随机推荐
Behind the second round of okaleido tiger sales is the strategic support of ecological institutions
采用QT进行OpenGL开发(二)绘制立方体
Reinforcement learning (I): Q-learning, with source code interpretation
els 新的方块落下
Docker compose install MySQL
SiC Power Semiconductor Industry Summit Forum successfully held
了解各种路径
Understand all the basic grammar of ES6 in one article
规划数学期末考试模拟二
云原生应用综合练习上
围绕新市民金融聚焦差异化产品设计、智能技术提效及素养教育
Focus on differentiated product design, intelligent technology efficiency improvement and literacy education around new citizen Finance
【观察】三年跃居纯公有云SaaS第一,用友YonSuite的“飞轮效应”
ELS new box falls
[hcip] two mGRE networks are interconnected through OSPF (ENSP)
ELS stop at all
PLATO上线LAAS协议Elephant Swap,用户可借此获得溢价收益
如何选择专业、安全、高性能的远程控制软件
Merkel Studio - harmonyos implementation list to do
Comprehensive upgrade, complete collection of Taobao / tmall API interfaces