Privacy and security have become a “heart disease” for users. How does the OPPO security team break the situation?

Constant bombing of spam messages, rogue APPs that secretly “spy on the screen”, over-abused face recognition… In the era of big data that emphasizes efficiency, the leakage of personal information has become more and more “convenient and quick”. With the gradual exposure of various loopholes in data security, users’ distrust of the Internet is also increasing. The pain of data privacy, what method is needed to “scratch the bone”? What is worth looking forward to is that more and more people are starting to take action.

1. The era of data in which everyone is at risk

The general “falling out” of data privacy is not a sudden loophole, but a growing “pain” that the Internet will inevitably experience as it gradually develops and matures from the reckless period.

In an era when traffic is king, personal data is not only a cornucopia of great value, but also a key weapon for corporate competitiveness. However, in the overwhelming battle for traffic, individual users have not yet formed the awareness of data protection, and the platform also lacks supervision and audit mechanisms, which together form a great privacy loophole. Under the severe security situation, government departments are accelerating the improvement of relevant laws and regulations, and some hardware manufacturers have also taken the initiative to build an industry security system, hoping to enhance their competitiveness with security performance.

For smartphones with serious “involution” at the technological level, in addition to continuing to update and upgrade hardware performance, the security issues that users are increasingly concerned about have also become a new direction for their competitiveness and sincerity. OPPO and other mobile phone manufacturers are in the field of security. made their own attempts.

At the just-concluded OPPO Developer Conference, OPPO opened a special session on security and privacy to show users its new actions to protect data security. Among them, the most noteworthy are the “White Paper on Personal Information Protection of Mobile Applications (APP)” jointly compiled by OPPO and Deloitte China, and the “2021-China Smartphone User Security Demand Insight Report” jointly compiled with Ipsos. . This means that OPPO has begun to participate more deeply in the co-construction of the industry ecology of personal information protection, and discuss the latest practical results of the implementation of personal information protection with other partners in the same industry.

2. Growing Privacy Barriers

For government departments, macroscopic laws and regulations are the last red line of data security; for developers, subjective self-discipline is the key direction to protect the security of users’ personal information. However, for mobile phone manufacturers in the middle link, they can provide users and developers with a more secure network environment at a more specific and practical level. With the continuous deepening of software and hardware, OPPO is gradually transforming into an ecological technology enterprise, which means that it will continue to drive the ecology with technology and work with developers to create a new digital life for users. Specifically, OPPO’s safety net is mainly reflected in two aspects.

From the perspective of internal systems, mobile phone manufacturers first need to build their own security architecture system to provide a comprehensive and efficient “protection network” to protect the rights and interests of users.

If a worker wants to do a good job, he must first sharpen his tools. As one of the strategic directions, OPPO has first built a safe and feasible personal information protection technology and management system, paying attention to and understanding the security and privacy needs of related parties such as consumers, business departments, tripartite partners, and regulatory authorities. The technical and management system framework for personal information protection is gradually established from the three dimensions of system and technical tools. This is an important and solid foundation for ensuring user security and privacy.

Secondly, ecological technology enterprises also need to have a comprehensive insight into user needs, and effectively solve user security problems from the root.

According to the research conducted by OPPO and Ipsos, consumers are most concerned about sensitive data and sensitive permissions. After understanding the user’s “heart disease”, OPPO can improve the security capabilities of the APP, and get the right medicine for the safety crisis of consumers.

For example, for sensitive data on the mobile phone and in the cloud, OPPO’s ColorOS system provides the functions of a private safe and an app lock. Photos, videos, and apps in the mobile phone need to be opened with an independent password; in the process of uploading data to the cloud, OPPO cloud The service adopts double-layer encrypted transmission for sensitive data, adopts hardware encryption machine, key management service and three-layer encrypted storage of high-level encryption of user data, etc., to escort the security of user cloud data.

For the sensitive behavior of the APP, the OPPO system can monitor in real time, and Display the records of application invocation permissions in the form of data charts, allowing users to more conveniently and intuitively see which applications are invoked, when, and what permissions are invoked.

3. New Empowerment for Developers

From the perspective of external software, in the context of more and more attention to data security, mobile phone systems also need to take more into account the security and privacy compliance issues of third-party APPs. Therefore, ecological technology companies need to provide developers with a more secure and compliant platform environment and provide protection for third-party APPs.

At the level of specific measures, from the perspective of the development environment, creating a green APP security ecosystem for developers is an effective mechanism to ensure user security from the source. First of all, OPPO has built an all-round application security and privacy governance system with device-cloud collaboration and multi-product linkage—Intelligent Shield. Through the security brain based on big data and AI, security and privacy governance can be implemented throughout the entire life cycle of the APP from testing, uploading, uninstalling, and delisting, opening up the security protection capabilities of software stores, browsers, mobile phone housekeepers and other products, covering users. All scenarios of the APP build a defense-in-depth system. In this way, it can not only ensure the security and privacy compliance of self-developed APPs, but also provide a fair and green APP ecological environment for all developers.

OPPO has accumulated nearly 300,000 security alerts last year; it has filtered hundreds of billions of swipes and other malicious behaviors, banned hundreds of malicious accounts, and blocked more than 2 billion attack requests. On the whole, the smart shield reinforces the big ship of OPPO mobile phones, allowing developers to drive more smoothly.

It is worth mentioning that, for the first time, OPPO has opened the security and privacy cloud check service, security detection SDK and security reinforcement capabilities to developers.

The security and privacy cloud check service mainly includes APK security and privacy automatic detection and APK security and privacy real machine dynamic detection, which can not only reduce the probability of APK being called back due to security and privacy issues, but also reduce the risk of APP being removed from the OPPO platform, and reduce the risk of APP being removed from the OPPO platform. business losses.

The security detection SDK can provide malicious application security detection, malicious website detection, malicious WIFI detection, fake user detection, trusted device detection and other functions to protect developers’ applications from security threats such as device tampering, bad URLs, malicious applications and fake users. .

The security hardening capability also includes multi-dimensional in-depth protection from code security, resource file security, data security, etc., as well as runtime protection for detection and confrontation of the application APP environment, as well as encryption, hiding and virtualization of core code logic. Protection to prevent secondary packaging or cracking of core code logic. At the same time, the security hardening capability supports the hardening protection of various file formats such as APK, Jar, and SO, which further strengthens the practical application scenarios of this capability.

In addition, for developers, the two reports “Mobile Application (APP) Personal Information Protection White Paper” and “2021-China Smartphone User Security Demand Insight Report” are undoubtedly a comprehensive security guide in the eyes of developers . OPPO provides timely and necessary guidance and empowerment for developers through deep insights into the industry and users, and relevant experience accumulated in business practices, and builds a secure ecosystem with developers to protect user privacy and security. In the entire smartphone industry, “rapid currents” and “reefs” that may cause data leakage can be accurately avoided in advance. As a whole, the development channels of smartphones have become more and more clear.

Fourth, the most influential security logic

Different from previous attempts in the industry, OPPO’s series of actions this time truly stand with users and developers. However, even if there are mobile phone manufacturers such as OPPO “taking the lead”, in the entire digital intelligence ecosystem, consumers, producers, and supervisors in the industrial chain should actively participate in the protection of personal information and jointly complete the construction of the industry ecology.

In this regard, OPPO and Microsoft will work together to build a security and privacy engineering system, and jointly build an open and mutually integrated developer ecosystem; and jointly build the world’s leading product security privacy framework and develop secure and trusted engineering solutions to empower developers to adapt And embrace the challenges of a global international environment. At the same time, OPPO has also participated in a number of international security standards organizations such as the National Information Security Standardization Technical Committee (TC260), China Communications Standards Association (ETSI), European Telecommunications Standardization Association (CCSA), and Telecommunications Terminal Industry Association (TAF), as well as with Tsinghua University. , Zhejiang University, Xi’an Jiaotong University and many other well-known domestic universities have launched cooperation on cutting-edge security technology research topics, contributing to the improvement of the ecological security of the Internet of Things.

Generally speaking, the integration of all things is the trend of the times. Once the security loopholes are not filled in time, they will become a stumbling block hindering the development of science and technology. For ecological technology companies, it is not only necessary to speed up the establishment of a safety net in the current environment, but also to focus on the future, laying down security guarantees for future technologies such as the Internet of Things in advance, and building a healthy and safe Internet ecosystem. The security risks faced by the current IoT products are more complex, and there are difficulties in the four aspects of the device side, mobile terminal, communication pipeline and cloud. OPPO has begun to make arrangements in advance. OPPO has focused on hardware security, firmware security, system security, etc. A layered security architecture. More importantly, more and more Internet companies are currently focusing on ecological layout. As an ecological technology company, OPPO’s strong layout in the security field is also an important part of its digital intelligence strength and ecological construction.

V. Conclusion

The scary future of high-tech, low-living is a dystopian nightmare we never want to see. On the road of technological rush, information security is an important link that cannot be ignored no matter what. Under the leadership of OPPO and other companies, a complete network security system has gradually taken shape, and a new and safer digital life may be coming soon.