Aurora: knowledge of app and SDK compliance during compliance

category:Internet
 Aurora: knowledge of app and SDK compliance during compliance


The app privacy policy must clearly state the type, purpose and scope of the users personal information (including device information such as IMEI, device MAC address, installation list, etc.; network information; location information and other users active personal information) collected by the third-party SDK. After the user agrees with the privacy policy, the SDK will collect the users personal information;

After the user explicitly agrees with the privacy policy, the app calls and initializes the third-party SDK, and the third-party SDK collects the users personal information data;

App must shut down the app self start and associated startup services in unnecessary scenarios, provide users with shutdown options, and provide users with the right to choose independently. App developers should not frequently self start or associated startup without informing users and without consent of users, or in the use scenarios without reasonable basis.

Q: Why do developers need SDK?

A: SDK is a toolkit provided by the third-party service provider to realize a certain function of app. The SDK greatly reduces the development and operation costs of developers. Facing the app with complex functions, developers no longer need to develop each function separately. They only need to integrate appropriate and stable SDK in the app to help app realize many functions such as sharing, payment, data statistics, etc.

Q: What roles should app and SDK play in laws and regulations?

A: Article 9.6 of personal information security specification for information security technology points out that app developers and third-party SDKs form a common personal information controller relationship in many cases.

App developers and SDKs need to:

Q: In actual operation, how should app and SDK parties achieve compliance?

A: It is suggested that app developers should improve the app privacy policy or formulate a separate statement on the collection and processing of personal information of the third party SDK after establishing a cooperative relationship with the third party SDK.

In the policy or statement, the app developer shall be responsible for the design and development of the app, and shall disclose the list of third-party SDK integrated in the app, the list of permissions used, and the personal information collected and used.

The SDK needs to:

The third-party SDK is responsible for the design and development of the SDK, and should actively disclose the list of rights used, the personal information collected and used and the corresponding purpose.

In addition, in order to improve the accuracy of online audit, aurora will review the uploaded privacy policy manually from time to time, and compare the audit results to optimize the audit process. In the process of cooperation with app developers, aurora will regularly investigate or spot check the privacy policies of cooperative app developers according to current laws and regulations, national standards and official notices. For app developers who do not comply with the privacy policy, aurora will issue a rectification notice to require app developers to carry out compliance rectification until they meet the compliance requirements.

Provide better and more comprehensive services for app developers, strive to protect data security and users personal information, and strive to promote the ecological compliance development of mobile applications. Aurora has been working hard! Continue to pay attention to us to learn more about the compliance issues between app and SDK.

Wonderful preview of the next issue: how should app developers and third-party SDKs comply with the regulations in terms of personal information collection, use, storage, public disclosure and deletion?

About Aurora

Aurora mobile (NASDAQ: JG), founded in 2011, is Chinas leading developer service provider. Aurora focuses on providing stable and efficient message push, instant messaging, statistical analysis, Aurora sharing, SMS, one click authentication, deep link and other developer services for mobile application developers. As of March 2020, Aurora has provided services for about 1.5 million mobile applications, with 37.2 billion installed development kits (SDKs) and 1.36 billion independent active devices per month. At the same time, Aurora continues to empower developers and traditional industry customers to launch precision marketing, financial risk control, market insight, and commercial geographic service products, committed to improving operational efficiency and optimizing decision-making for society and all walks of life. Source: editor in charge of mass news: Chen Tiqiang_ NB6485

Aurora mobile (NASDAQ: JG), founded in 2011, is Chinas leading developer service provider. Aurora focuses on providing stable and efficient message push, instant messaging, statistical analysis, Aurora sharing, SMS, one click authentication, deep link and other developer services for mobile application developers. As of March 2020, Aurora has provided services for about 1.5 million mobile applications, with 37.2 billion installed development kits (SDKs) and 1.36 billion independent active devices per month. At the same time, Aurora continues to empower developers and traditional industry customers to launch precision marketing, financial risk control, market insight, and commercial geographic service products, committed to improving operational efficiency and optimizing decision-making for society and all walks of life.