Being the official app distribution platform for Huawei over the past nine years, AppGallery provides a full-cycle security and protection system for security assurance throughout the app’s lifecycle.
The comprehensive security assurance system developed provides security assurance throughout the apps' lifecycle, including reviews of developers' qualifications, security checks before the apps' release, as well as periodic checks and user feedback tracking after their release.
As part of the comprehensive security assurance system, the four-layer protection creates a safety check at each step of the way to ensure the apps are free of malicious code, in order to ensure users are well protected against security vulnerabilities. These four security checks include malicious behaviour detection, security vulnerability scanning, privacy breach inspection, and manual recheck.
Exclusive quadruple detection ensures user privacy and security
All AppGallery apps need to pass a quadruple safety test to be eligible for release. AppGallery protects against malicious apps that may infringe user privacy or steal user property. Through careful selection and strict testing, AppGallery rejects apps that may pose security risks to users, providing users with a secure app acquisition experience.
The first of the four-layer protection includes malicious behaviour detection which focuses on detecting viruses, Trojan horses, malicious fee deduction, and malicious traffic consumption. To handle large numbers of app release requests, AppGallery uses SecDroid, a cloud-based automatic scanning platform that works with multiple well-known antivirus engines in the industry to detect viruses across Android packages (APKs). In addition, SecDroid uses sandbox-based dynamic execution technology and static feature analysis technology to detect and analyse sensitive behaviour, such as malicious billing, excessive traffic consumption, and malicious tampering of personal information.
The second layer is security vulnerability scanning, which combines dynamic and static scanning for security vulnerabilities, greatly reducing the probability of vulnerabilities or backdoors in apps. The scan covers tens of analysis and detection aspects, including the security of components and data, excessive traffic consumption, insecure command execution, analysis of APKs for potential vulnerabilities, and more.
The third layer is the privacy breach inspection, which aims to prevent apps from invoking, collecting, transmitting, or using sensitive user data, such as the address book and photo library, without users' authorisation or in disregard of existing legal grounds. Both static and dynamic privacy analysis cover security vulnerabilities such as detection of corruption and breach points, identifying common issues such as key leakage, dangerous functions, and insecure algorithms. Filter criteria (such as suffix and type) are then set for refined control over scanned objects to determine the exact match locations and contexts as well as highlight the matched contents.
The final check is the manual recheck phase, in which a dedicated security team tests the apps in real-world scenarios for compatibility, safety, and reliability, to ensure users have the best app experience before the apps are released on AppGallery.
Huawei ensures a safe, private and protected digital environment on AppGallery for users
Through AppGallery, Huawei aims to strictly protect users’ privacy and security while providing them with a unique and smart experience. Serving over 730 million Huawei end users in over 170 countries and regions, AppGallery is committed to ensuring consumers enjoy a safe, private and protected digital environment as they explore unique and smart app experiences on the platform.
According to the AppGallery 2020 Annual Security Report, in 2020, Huawei App Market's exclusive quadruple detection handled more than 970,000 app release applications from more than 170 countries and regions worldwide, a year-on-year increase of 27%. The extensive review filtered out 33.20% of the total apps reviewed, identifying problems such as lack of copyright qualification, delayed app versions, app function defects, unexpected app exits, as well as registration and login exceptions.
In the future, AppGallery will continue its efforts to enhance the overall app experiences launched on AppGallery by updating the technologies and mechanisms for remediating risky apps, providing users with secure and high-quality apps, protecting their privacy and property security, and working with industry partners to build a green and healthy app ecosystem.
For more information, please visit https://consumer.huawei.com/en/privacy/. You may also read the latest HMS Security Technical White Paper here.
From ride-hailing, navigation and mobile travel
To gaming, streaming, and social media
Mobile apps have become indispensable in daily life
But increased convenience puts sensitive user data at risk
HMS Core Safety Detect offers unique protections
For comprehensive app security with little effort!
What Is Safety Detect?
Safety Detect is an open, multi-dimensional security detection service offered by Huawei that helps developers bolster app security capabilities, based on the Trusted Execution Environment (TEE) on Huawei phones, without compromising user experience.
System Integrity Check (SysIntegrity)
SysIntegrity is capable of checking whether the user device is rooted, unlocked, or escalated for higher permissions, and uses this information to help you determine how and when to restrict your app's behavior to avoid potential leaking of sensitive user information or financial information.
A unique advantage of SysIntegrity is that it is based on the TEE OS, which is built into every Huawei phone (running EMUI 9.0 or later). The TEE OS comes with Huawei's in-house microkernel, which has achieved the prestigious CC EAL 5+ certification, and is the first solution of its kind to pass formal verification. Having integrated SysIntegrity, it can isolate apps for bolstered protection, and provide independent privacy security protection services. For example, services with high security requirements, such as the payment services, are provided with the appropriate level of protection in the TEE OS.
App Security Check (AppsCheck)
When your app has integrated AppsCheck, it can obtain a list of malicious apps on the user's device, which provides a strong basis for high-level risk analysis (for risky/virus-infected apps). Users are then warned of the presence of any risks on your app, or prompted to exit your app. According to the three largest global virus evaluation agencies, AppsCheck can detect malicious apps with a staggering accuracy rate of 99%.
Malicious URL Check (URLCheck)
With URLCheck, your app can determine whether a visited URL contains phishing or malware apps. The check strikes the optimal balance between performance and timeliness, and is capable of detecting a wide range of malicious URLs, such as phishing and Trojan-infested URLs. URLCheck is easy to integrate into your app, and provides trusted, operation-free security services, reducing the costs associated with developing secure browsing services.
Fake User Detection (UserDetect)
Fake user detection is critical for app operations, as the presence of fake operations such as game bots, activity bonus hunting, and malicious spamming can give your app a bad reputation. UserDetect can identify spoofed devices, based on the device signature and identifier, and identify relevant environmental risks, such as roots, simulators, VMs, device change tools, and anonymous IP addresses. It can also recognize fake users based on screen touch and sensor behavior, as well as prevent batch registration, credential stuffing attacks, bonus hunting, and content crawlers. These safeguards provide your app's users with unmatched peace of mind.
Many popular apps have integrated Safety Detect, such as the app for the Sputnik media outlet in Russia, APUS, a popular browser in India and Southeast Asia, and 1998 Camera in Vietnam.
How Can I Integrate HUAWEI Safety Detect?
Each of the four functions in Safety Detect has a dedicated API that is easy to integrate. For guidance during the integration process, please refer to the HUAWEI Developers website, where you will find the integration guide and other resources for reference, or you can contact us through [email protected] for further technical assistance.
* HMS Core 4.0 courses produced by HUAWEI Developers are now available on Huawei official channels, including Video Center on HUAWEI Developers and HUAWEI Developer Forum.
Safety Detect - HMS Core Featured Courses
• Huawei’s vision is to make HUAWEI AppGallery an open, innovative app distribution platform that is accessible to consumers.
• Huawei aims to strictly protect users’ privacy and security while providing them with a unique and smart experience.
The gradual proliferation of 5G means a revolutionized mobile experience. Increasingly, consumers are using multiple devices in various scenarios and mobile apps are key to that ever richer, hyperconnected experience. As such, Huawei believes that demand for smarter apps will only increase and they want to be at the forefront to enable this massive change.
Enter HUAWEI AppGallery – the official app distribution platform of Huawei, providing a new alternative to its users. As a top 3 app marketplace globally, HUAWEI AppGallery is now available in over 170 countries/regions with 400 million monthly active users (MAUs), covering mainstream apps and services worldwide.
Vision of a Top 3 App Marketplace Globally
“‘Privacy, under your control’, has always been at the heart of our philosophy,” Richard Yu, CEO of Huawei Consumer Business Group commented, “We place privacy protection and cybersecurity as the top priorities of all our business operations and strictly implement them in all phases of our products. We also have the strictest privacy and cybersecurity solutions in HUAWEI AppGallery.” Huawei has hundreds of millions of users worldwide, laying a solid foundation for the development of the ecosystem. Together with HMS Core, which opens a variety of Huawei software and hardware capabilities, Huawei is en route to providing the best and most innovative application experience for users.
For a brand that rose sharply to rank 10th place in Brand Finance's 2020 annual global brand value ranking, nothing seems impossible. In fact, Huawei has invested in more than 3,000 engineers on ecosystem engineering. The brand also provides one-stop operational support for developers worldwide, as well as funding such as the “Shining-Star” program to incentivize innovation.
HUAWEI AppGallery Is A Trusted Platform Where Users Can Download Apps
HUAWEI AppGallery comes with full-cycle security and protection, including developer real-name verification and four-step review process for secure app operation. All apps go through a stringent verification test to prevent developers’ apps from malicious activity. It has an age-rating system to create a safe environment for children, filtering out apps that are not suitable for their age range.
AppGallery deploys the highest level of verification to isolate and protect users’ sensitive data and privacy. Personally-sensitive information – such as biometric data – will never be processed outside the Huawei device, giving the user complete control over their personal data [1]. EMUI lets users have control over app user permission. More importantly, complying with the localized service distribution and deployment policy, personal information is encrypted and stored in the area to which the user belongs.
HUAWEI AppGallery is the destination for quality apps for Huawei device users.
Huawei is continuously working on increasing the selection of top apps that have become a staple of its users’ digital lifestyle, including both popular global applications and quality localized applications our users have come to love and depend on. HUAWEI AppGallery segments applications across 18 categories, including news, social media, entertainment, and more, all searchable with a simple and smooth browsing experience. If there’s an app a user can’t find, all they have to do is submit the desired app name to a ‘Wishlist’. Once this app goes on-shelf, the user who submitted it via ‘Wishlist’ will be notified.
Huawei is also committed to creating the best user experience by providing quality apps. In its latest content partnership, Huawei has collaborated with News UK, one of the UK’s biggest media companies, to bring the most accurate and updated news to Huawei users. Huawei users will get to enjoy access to daily articles, radio shows, and exclusive content on their Huawei devices, bringing greater convenience to users’ smart lifestyles.
“I think this is a really good long-term partnership we can have with Huawei. I feel there’s a lot more innovation we can do and really drive forward amazing customer experiences on those devices,” said Christina Scott, Chief Technology Officer of News UK.
HUAWEI AppGallery offers apps optimized to work on Huawei devices, for an innovative and smart experience
Apps downloaded from HUAWEI AppGallery are optimized to work on Huawei devices, providing incredible on-device capability. The key enabler is HUAWEI HiAI, an open AI capability platform for smart devices, which pools software and hardware resources from different devices and facilitates collaborative, mutually-reinforcing interactions between them.
For example, the WPS Office app uses the HiAI intelligent recognition capability to achieve super-resolution optical character recognition to recognize text in images such as scanned documents and photos. The in-app documents are automatically detected and corrected, greatly improving productivity.
HUAWEI AppGallery introduces a tap-to-use and installation-free experience with ‘Quick Apps’
Quick Apps is an app ecosystem that houses a new type of installation-free apps. It provides a good user experience, powerful functions, and automatic updates for HTML5 pages, but consumes very little memory space. Despite giving users the same experience as native apps, Quick Apps are written with only 1/5 of the amount of code of Android apps, therefore taking up less memory space. Users can accommodate more than 2000 Quick Apps instead of just 20 native apps with just 1GB of space.
Users can even add their favorite Quick Apps to their desktops for convenient access. Quick Apps are used on over 350 million Huawei phones. To date, there are more than 1,700 Quick Apps released globally.
To keep pace with 5G, Quick App will be gradually rolled out to more countries and regions, opening the China market’s mature Quick App standards and IDE development tools to global developers. All developers across the world are welcome to publish Quick Apps to jointly deliver a tap-to-use and installation-free experience to users.
Huawei will continue its efforts in building the HMS Ecosystem and HUAWEI AppGallery to bring to life all-scenario smart life experience to Huawei users. Do stay tuned for more updates. For more information on HUAWEI AppGallery, visit https://consumer.huawei.com/en/mobileservices/appgallery/
[1] The Huawei device global privacy compliance framework complies with the Generally Accepted Privacy Principles (GAPP) released by the AICPA/CICA, the European General Data Protection Regulation (GDPR), as well as local laws and regulations around the world. Following the ISO/IEC 27001 and CSA STAR security certifications obtained in 2015 and the ISO/IEC 27018 privacy standard certification received in October 2019, HMS was one of the first to pass the ISO/IEC 27701 certification issued by the British Standards Institution (BSI), making it a leader in security management, transparency and privacy compliance for personal data.
For details about Huawei developers and HMS, visit the website.
HUAWEI Developer Forum | HUAWEI Developer
forums.developer.huawei.com
History of the Black Market
With the popularization of smartphones, black market tactics have shifted from controlling zombie computers for launching DDoS attacks and click farming on advertisements, to controlling Internet users in mobile service scenarios for monetization purposes. The rapid development of the Internet has made black market attacks adaptive to change and easy to replicate. As a result, attacks such as malicious registrations have been widely applied.
Today's apps need to continually invest in risk mitigation and security safeguards, in order to guard against automated malicious attacks from the black market.
Impact of Malicious Registrations
Malicious registration is the starting point for black market attacks. After registering various fake user accounts, attackers will seek to exploit these fake accounts to hunt for bonuses in e-commerce apps, wasting resources that are intended for genuine new users. The attackers may also use the accounts to undermine the user-generated content ecosystem via content spamming in social apps. These fake user accounts may also be exploited by malicious advertising agencies for ad traffic fraud, with the goal of extracting higher fees from advertisers. Fake users offer no real benefits to advertised apps. According to data from EverSafe Online, there are up to 8.3 million fake user attacks every day, most of which are concentrated in industries related to finance, e-commerce, and social networking.
Prevention of Malicious Registration Attacks
Attackers may implement malicious registrations through automated registration tools and user-based crowdsourcing platforms. For the former, if an app requires identity verification, a large number of malicious registration requests can be filtered out. For the latter, however, if registered accounts are resold after real users complete identity verification, it can be more difficult to identify and handle these violation accounts. Therefore, more accurate risk-related data analysis is required, which will result in higher operating costs.
HUAWEI Safety Detect: A Free Service, Open to All Developers
With regard to malicious attacks, it is crucial for apps to enhance their security capabilities, starting with the very beginning of the registration process. Safety Detect offers the UserDetect API, which helps apps check whether they are interacting with fake users via the real-time risk analysis engine. If a user is deemed suspicious or risky, they will be asked to perform a secondary verification to confirm the accuracy of detection.
Outside the Chinese mainland, Safety Detect provides users with a captcha-based verification code for secondary verification. In the Chinese mainland, the nocaptcha API on the cloud is used to obtain the user detection result. Users can proceed only after they have passed this secondary verification.
Safety Detect also provides apps with the SysIntegrity API to effectively identify fake users from simulators, enabling apps to prevent fake users from operating in Internet advertising channels. For more details, please refer to the case of Mei Ri Qing Li Da Shi.
Currently, a wide range of apps, including those in finance, e-commerce, video, and news apps, as well as browsers, have already integrated Safety Detect, and relied on it to improve risk identification and prevention capabilities. By equipping your app with Safety Detect, you can begin bolstering its security capabilities.
More cases:
• Risky URL detection
• Video security for video apps
• Credit card fraud prevention for electronic payment apps
• Reduction of malicious reviews on apps
• Enhanced app sign-in security
For more details, you can go to:
• Our official website
• Our Development Documentation page, to find the documents you need
• Reddit to join our developer discussion
• GitHub to download demos and sample codes
• Stack Overflow to solve any integration problems
Keyring is an all-new security kit in HMS Core that is used to store user credentials on their devices, where the credentials can be shared between different apps and versions of an app, creating a seamless sign-in experience between your Android apps, quick apps, and web apps.
Keyring provides you with capabilities that make user credential management a sheer breeze, helping ensure your service continuity, by obtaining, encrypting, storing, authorizing, sharing, querying, accessing, and deleting such credentials, as needed. Keyring also provides your apps with APIs for storing, accessing, and querying user credentials, for effortless credential sharing between multiple apps. It enables the user to sign in to an app by using the credentials from another already signed-in app, for seamless cross-app sign-in.
In addition, Keyring also obtains the user credential sharing relationship between apps, to ensure that you can freely share the user credentials to different platform versions of your app, for example, Android app, quick app, and web app versions, making cross-platform sign-in a viable reality. Thanks to this capability, you'll be able to handle users from different platforms with remarkable ease.
Keyring offers airtight security, easy integration, and broad compatibility. It encrypts user credentials in the TEE, and securely stores the encrypted credentials on the user device itself. You can even define the credential sharing relationship between different apps and different platform versions of an app, so that only authorized apps are able to obtain a set of credentials. You can also enable the mechanism for users to verify their identities via biometric features before they can use the shared credentials, to bolster sign-in security. The industry-leading security capabilities in Keyring can be integrated in just 2 person-days, making it an efficient and cost-effective solution. Better yet, the service is designed to meet the security requirements of a vast range of apps, including shopping, travel, social media, reading, and many other service scenarios.
Keyring resolves longstanding issues related to inefficient credential management and credential security risks. The cross-app credential sharing function in Keyring can entice users to use your apps, and the cross-platform sign-in function streamlines the user conversion path and sign-in process. In the future, Keyring will provide an even greater range of features and HMS Core will open even more capabilities in the security field, to help you craft the best possible user experience.
In an era of skyrocketing demand for online financial products, securities companies have to transform the way they attract users and do business. To help address long-standing challenges, like homogeneous services and lack of differentiated operations scenarios, Analytics Kit 6.3.0 provides securities industry reports and corresponding event tracking templates. You can use these tools to target users, based on the news items of interest and preferences, to streamline the financial decision-making process and craft personalized services.
1. Clear Overview of User Information
Data overview displays data about the overall user growth, such as the number of new users and total number of users, as well as user details like the numbers of users who have applied for opening a securities account, bound a bank card, or deposited money.
You can also add filters to analyze the growth of each indicator. For example, you can compare new users from different channels for drill-down analysis, so as to select proper channels for data-driven marketing.
2. Trading Dashboard for a Glimpse at User Preferences
The Trading dashboard presents the overall sales information via the number of users who traded stocks, shares of stock bought and sold, sales volume of each financial product, and other indicators, providing you with a clear sense of user behavior and preferences. You can then use this information to craft an optimal product layout that can address user demand.
3. News Dashboard for Key Insights into Investment Demand
Since users tend to purchase financial products by taking the overall economy and relevant news into consideration, you can use the News dashboard to see which news items are of most interest to users via indicators related to news viewing and sharing, thus gaining a fuller understanding of investment demand.
Likewise, you can also push targeted news that is in line with user preferences, summarizing the status of the market and streamlining the investment decision-making process for users.
4. Out-of-the-Box Event Tracking Templates
To further bolster your event tracking efficiency, Analytics Kit also provides out-of-the-box event tracking templates for the securities industry, covering modules of data overview, trading, and news. After configuring events and parameters to be tracked based on the templates, you can view securities industry-related data to analyze user preferences and demand, and craft more personalized wealth management scenarios.
Analytics Kit also provides a range of other analytical models. For example, there is performance analysis for key conversion nodes, which helps optimize the key process from new user registration to account opening. To do so, you will need to perform the following steps:
First, select the desired events, such as Register and Submit account opening application, on the Funnel analysis page, to build a funnel model of registration conversion. Then, filter data by app version and OS version on the Industry analysis page to analyze nodes with a high churn rate, so as to check whether the cause of churn is associated with the system compatibility. Finally, optimize the app in a targeted way to improve the registration and card binding rates.
To learn more, click here to get the free trial for the demo, or visit our official website to access the development documents for Android, iOS, Web, Quick App, HarmonyOS, and WeChat Mini-Program.