On September 20, Wei Hao, director of the China Cyber Security Review Technology and Certification Center, said that the main purpose of app security certification is to establish and improve an authoritative and credible app security certification system, and to use the market selection mechanism to guide app operators to standardize the collection of personal information. , use, transfer and other behaviors, provide basic technical support for the comprehensive management of data security, and regulate the market order.
18 apps (mobile Internet applications) of 10 companies including YunshanPay, Suning.com, China Mobile, and Baidu Maps have been awarded security certifications in Beijing, marking the official launch of my country’s App security certification.
In March 2019, the State Administration for Market Regulation and the Central Cyberspace Administration jointly issued the “Announcement on Carrying out App Security Certification Work”, which specified that the certification body is the China Cyber Security Review Technology and Certification Center. By June of this year, the review and certification center had selected 28 apps from the applicant companies to conduct certification pilot work in accordance with the announcement deployment, of which 18 apps passed technical verification and on-site audit during the certification process, and passed the certification decision.
At the same time, the app security certification will play an active role in app governance as a normalized mechanism, reducing repeated testing and evaluation by the management departments of various industries, and reducing the burden on enterprises.
Wei Hao said that in view of the high frequency of iterations of App versions, the Review and Certification Center has established a continuous supervision mechanism, and the relevant platforms have been launched to realize automatic and intelligent monitoring of the continuous compliance of certified apps, and make full use of the Internet to give full play to netizens. The role of supervision, complaints and reports.
According to reports, the certification process mainly includes certification application and acceptance, technical verification, on-site audit, certification decision, and post-certification supervision. The acceptance telephone number is published on the website of the review and certification center, and the application for certification is accepted uniformly for customers, and the technical verification is carried out by the contract laboratory designated by the review and certification center.
App operators that violate relevant laws and regulations shall not apply for certification. The certification body will revoke the certification if the certified app operator has deceived, concealed, violated commitments, etc. during the certification process.