Security Compliance Solution
Policy standard compliance requirements
'The Cybersecurity Law' issued in 2016 establishes hierarchical protection as the basic system of cybersecurity guarantees.
Level Protection 2.0, officially implemented on 1 December 2019, clarifies that network operators are required to grade and secure mobile applications and conduct continuous security monitoring of applications.
'GB/T 34975-2017 Information Security Technology Mobile Intelligent Terminal Application Software Security Technical Requirements and Test Evaluation Methods' explicitly requires client software to have anti-reverse (decompile), anti-tampering, anti-debugging, anti-injection and anti-hacking functions.
The "GB/T 35273-2020 Information Security Technology Personal Information Security Standard" and the "Method of Certification of the Illegal Collection and Use of Personal Information by App" specify that mobile terminals should collect and use personal information in a reasonable and compliant manner.
APP security risk
With the rise of the mobile Internet, more and more government and enterprise users rely on mobile apps for work and related business. The hacker industry chain has also shifted from the traditional PC field to the smartphone terminal. At the same time, the weak security awareness and insufficient secure development ability of mobile application developers have led to a large number of apps being "launched in spite of illness". The main attack methods against mobile apps include man-in-the-middle attack, reverse cracking, secondary packaging (repackaging), phishing, vulnerability attack, debugging injection, trojans, man-in-the-middle hijacking, interface API invasion, etc. From these attacks we can conclude that mobile app security risks lie mainly in the following areas: risks in the app itself (insufficient protection capability leaves it open to attack), risks in the running environment (such as a root/jailbreak environment, mobile banking Trojans, etc.), network communication risks (such as cleartext HTTP transmission and HTTPS man-in-the-middle), and server API risks (e.g., unauthorized operation, SQL injection, denial of service, etc.).
APP Security Compliance Solution
In response to the above-mentioned compliance requirements and security issues in the government and enterprise industries, Tongpay Shield provides a one-stop mobile application security solution based on years of technology accumulation and industry experience, which can effectively protect against various malicious attacks and meet industry compliance requirements.