The new Chinese standard intends to standardize the pre-installed apps on smartphones

The National Information Security Standardization Technical Committee issued the national standard " Basic Security Requirements for Information Security Technology Smartphone Pre-installed Applications " (Draft for Comments) and publicly solicited opinions from the public. The consultation draft proposes that non-uninstallable applications should provide a stop-use function. After the user chooses to stop using, the non-uninstallable applications should no longer process the user's personal information.

According to the draft for comments, pre-installed applications refer to those installed before the smartphone leaves the factory. There are user interaction portals on the main screen and auxiliary screen interface of the smartphone, which are provided to meet user application needs. Standalone application. They may come from smartphone manufacturers or third parties.

It is understood that this standard focuses on solving the problem that the number of pre-installed applications on smartphones cannot be uninstalled, and it is difficult to uninstall; excessive claims, default authorization, and covert collection of personal information; smartphone manufacturers lack data security and personal information for third-party pre-installed applications. Information protection audit management and other issues.

The consultation draft proposes that, except for the basic functional applications that directly support the operation of the operating system or realize the basic functions of the smartphone, other pre-installed applications in the smartphone should be uninstallable, and the pre-installed applications that realize the same basic function, At least one can be set as non-uninstallable.

Among them, system settings, file management, multimedia video recording, making and receiving calls, sending and receiving text messages, address book, browser, and application store are all included in the application programs necessary to realize the basic functions of mobile phones. The Exposure Draft also requires that other functions that are not necessary in the application should not be uninstalled, and a way to disable or uninstall these functions should be provided.

For uninstalling pre-installed applications, the draft requires that, without affecting the safe use of smartphones, relevant program files and data other than those that the user chooses to keep should be completely deleted, and the uninstalled pre-installed applications should be ensured. Not restored when the smartphone OS is upgraded.

In addition, the draft also proposes that smartphone manufacturers should clearly state the security information of pre-installed applications in the product manual, official website, and when the smartphone is used for the first time, including the application name, version number; provider name, contact Whether it can be uninstalled and how to uninstall it; the scope of personal information collected and the purpose of use; the scope of application for permission to collect personal information and the purpose of use; security information such as security testing and certification of third-party pre-installed applications.