Privacy Compliance

In recent years, the national regulatory authorities have paid more attention to the security of personal information and strengthened their supervision. They have successively issued such documents as the self-assessment guide for the illegal collection and use of personal information by app, the identification method for the illegal collection and use of personal information by app, and the basic specification for the collection of personal information by app (the latest draft) Establish a special app governance working group to regularly report violations, which means that the compliance collection and use of personal information has risen to the regulatory level. App development enterprises attach great importance to and respond to this, conduct self-examination of APP privacy compliance as soon as possible, and make reasonable rectification for non-compliance.

Through in-depth study of various app privacy compliance specifications / guidelines, PayEgis has developed its own compliance detection products, using a static analysis engine based on symbol execution and a dynamic detection engine based on running sandbox to conduct a comprehensive privacy compliance check throughout the use of mobile applications, aiming to help users quickly and accurately detect sensitive authority calls in the app, and To ensure the privacy and security of app.

Product function

  • 1

    Authority compliance analysis
    Provide the analysis of permission application, actual calling behavior and calling frequency in real use scenarios, compare whether it conforms to relevant document specifications, associate relevant data, provide corresponding screenshots, etc.

  • 2

    Flow data analysis
    Analyze the flow data generated in the process of dynamic detection, including data content, data flow direction, etc., and retain the original data as the detection basis.

  • 3

    Sensitive behavior analysis
    Provide the API information and situation actually called in the real use scenario, and further explain the sensitive behavior.

  • 4

    Third party SDK analysis
    This paper makes a comprehensive analysis of the third-party SDK's permission application and call, API call and security risks.

  • 5

    Sensitive data storage and transmission analysis
    Analyze the usage behavior of sensitive data in the application, and provide the analysis of call location and content.

  • 6

    Dynamic simulation detection
    It provides a dynamic detection engine based on the real use scenario, and simulates the real user's use behavior to detect, so as to ensure that the detection process fits the real user's use process with high accuracy.

Product Advantages

One-stop application security service in the whole life cycle

Comply with privacy and security protection regulations

In strict accordance with the national and industry issued personal information behavior management norms/guidelines, self-developed privacy security testing engine, efficient testing, authoritative and reliable results.

The test content is comprehensive and relevant

The detection scope covers vulnerability risk, authorization call, sensitive behavior, third-party SDK risk analysis and other aspects, and the multidimensional data comprehensive analysis ensures that the detection content is comprehensive.

Detection modes are diverse and flexible

Detection supports a variety of modes such as silent detection, whole-process automated testing, and multi-analysis and judgment, and the detection duration can be set flexibly to meet the requirements of different business scenarios.

The test results can be relied on

Provide a complete detection path, screen capture and other basis, and automatically generate a complete report of authority call events, violations of sensitive behavior, application risks, etc.