Security Compliance Solution
Policy standard compliance requirements
'The Cybersecurity Law' issued in 2016 establishes hierarchical protection as the basic system of cybersecurity guarantees.
Level Protection 2.0 was officially implemented on 1 December 2019. It clarifies that network operators are required to grade and secure mobile applications and to conduct continuous security monitoring of applications.
'GB/T 34975-2017 Information Security Technology Mobile Intelligent Terminal Application Software Security Technical Requirements and Test Evaluation Methods' explicitly requires client software to have anti-reverse (decompile), anti-tampering, anti-debugging, anti-injection and anti-hacking functions.
The "GB/T 35273-2020 Information Security Technology Personal Information Security Standard" and the "Method of Certification of the Illegal Collection and Use of Personal Information by App" specify that mobile terminals should collect and use personal information in a reasonable and compliant manner.
APP security risk
With the rise of the mobile Internet, more and more government and enterprise users rely on mobile apps for work and related business. The hacker industry chain has likewise shifted from the traditional PC field to the smartphone terminal. At the same time, weak security awareness and insufficient secure-development ability among mobile application developers have led to a large number of apps being "launched in spite of illness", that is, released with security defects. The main attack methods against mobile APPs include man-in-the-middle attacks, reverse cracking, secondary packaging, phishing, vulnerability attacks, debugging injection, trojans, man-in-the-middle hijacking, interface API invasion, etc. From these attacks we can conclude that mobile APP security risks fall mainly into four areas: security risks in the APP itself (insufficient protection capability leaves it open to attack); security risks in the running environment (such as root/jailbreak environments, mobile banking trojans, etc.); network communication security risks (such as HTTP cleartext transmission and HTTPS man-in-the-middle attacks); and server API security risks (e.g., unauthorized operation, SQL injection, denial of service, etc.).
APP Security Compliance Solution
In response to the compliance requirements and security issues described above for the government and enterprise industries, Tongpay Shield provides a one-stop mobile application security solution built on years of accumulated technology and industry experience. It can effectively protect against various malicious attacks and meet industry compliance requirements.

Features

Security design and training services

Security design and training services include business process review, threat modeling, security requirements analysis, security planning and design, security development training, coding standards, etc.

Grade protection compliance consulting service

The grade protection compliance consulting service includes grading and filing consulting, assistance in preparing filing materials, gap assessment and security rectification, with the final goal of meeting the grade assessment requirements.

APP security vulnerability assessment

The assessment covers application code security, component security, third-party SDK security, network transmission security, data storage security, back-end API interface security and other aspects. It helps users quickly find potential security holes and repair them in time, preventing user information disclosure and financial loss.

APP privacy compliance detection

The detection covers permission requests and permission calls by the APP and its third-party SDKs, as well as the collection, storage and transmission of private data and other aspects, in order to detect and evaluate the APP's use of permissions and its protection of personal privacy data.

APP security reinforcement protection

It supports Android hardening, iOS hardening, H5 page hardening and SDK component hardening to effectively counter malicious acts such as reverse cracking, dynamic injection and interface hijacking, and protect the safe and stable operation of mobile APPs in government and enterprise industries.

APP phishing detection

7x24 continuous monitoring of domestic and foreign APP release channels across the whole network, including APP stores, download sites, network drives, forums and others. It detects pirated and counterfeit apps as soon as they appear and provides a one-click report-and-takedown service, preventing users from downloading counterfeit apps and suffering financial losses.

APP terminal threat perception

By detecting the APP operating environment, it quickly intercepts dynamic debugging, dynamic injection, interface hijacking, Trojan horses and other malicious attacks. It can be integrated horizontally with the existing network monitoring and warning platform to supply threat warning data from the mobile end, allowing comprehensive monitoring of the security compliance posture.

APP security situation monitoring platform

Through network crawlers and mobile Internet traffic analysis, it monitors in real time, with a focus on illegal APPs that violate citizens' personal information, are suspected of gambling, fraud, piracy or counterfeiting, or spread obscene and pornographic content, supporting territorial and industry supervision.

Advantages of the solution

Authoritative and accurate test results

It was the first to be certified for CNNVD vulnerability compatibility, and it is linked with authoritative vulnerability databases at home and abroad, so the detection results are scientific, objective and accurate.

Originality of security reinforcement

It adopts the first dynamic shell protection technology in the industry. Compared with other manufacturers, the product is the first to enter the next generation of security technology, and it has obtained the highest level of security certification (EAL3) from the national authority.

Balance security and compliance

It builds defenses against all kinds of mobile Internet malicious attacks while at the same time meeting the regulatory requirements of industry authorities, level protection and so on.

True cross-platform support

Supports vulnerability detection, privacy detection, security reinforcement, threat perception and other one-stop services for both Android and iOS APPs.