Compliance guidance
Upgrade Update SDK
Please make sure that you have Jiguang Security certification SDK Upgrade to new regulations. Updated version.
SDK Description of operational functions
Access description:Jiguang Security certification SDK Includes basic business functions and expanded business functions.
** Basic function**: One-key authentication for developers, one-key login and texting validation for end-user accounts.
**Extension **: To enhance the service experience of developers, we provide them with user safety controls, application self-starting.
| Functional differentiation | Operational functions | Functional Introduction | Relevant personal information and purpose of processing | Configure Mode |
| Basic functions | One-click authentication | One-key authentication for developers, one-key login and text authentication for end-user accounts | Android&iOS: Necessary personal information: Device identifier (includes) Android ID, GAID, OAID, UAID, IDFA, Boot ID: The unique identifier of end-user equipment used to generate dissensitisation, which is used to protect against security risks; Equipment hardware information (including equipment model, equipment screen resolution, equipment hardware manufacturer, equipment product name, equipment storage space), operating system information (including operating system version, system name, system language): to ensure compatibility of services with different equipment; Network information (including network type,carriersName, IP address,DHCP, WIFI Status information: used to determine whether the user is connected to a mobile network, locks in the service cell number, obtains the pre-repeated number of the current access card and token Information to enable a one-click login and texting validation in a mobile network state; Cell phone number: Used to provide a first-click login capacity for a mobile phone and a SMS authentication code for the corresponding number. Optional personal information: Device identifier (includes)IMEI, MAC, IMSI, ICCID: to supplement the generation of the only identifier for end-user devices and to enhance the accuracy of the unique identifier; base station information,SIM Card status: To determine vague location information, select the nearest authentication service point and enhance the efficiency of the certification service. Harmony: Necessary information: Equipment hardware information (equipment screen resolution), operating system information (including operating system version): to ensure compatibility of services on different devices; Network information (including network type,carriersName: used to determine whether the user is connected to a mobile network, locks in the service cell number, obtains the pre-repeated number of the current access card andtokenInformation to enable a one-click login and texting validation in a mobile network state; Cell phone number: Used to provide a first-click login capacity for mobile phone numbers and text proof code for corresponding numbers. |
Basic business, optional information configuration details"SDK Profile description for optional personal information |
| Extension | Safe Wind Control | Provide user account security for developers and check user account security | Software list information (including software list and software running list information): for identifying user applications and judging installed App Information to help you to identify the mass automated operation of the unusual software and the intercept machine, to protect the user ' s account security, etc. Location Information• For the purpose of identifying, on a geographical basis, unusual equipment, etc., the group attack/identify the geographical location, secure user accounts, etc. Network information (including network type,carriersName, base information, IP address,WiFi Status Information,WiFi List Information,SSID, BSSID: used to analyse the risk level of current equipment, to effectively identify fraudulent behaviour, to remove fraudulent equipment, to identify malicious brushes, malicious procedures, to protect user account security, etc. |
Android Example:JVerificationInterface. setSecureControl(Context context, boolean enable); Parameters: context: applied Context; enable: Configure whether the security wind control is enabled,true: Open;false: Close, Default true iOS Example of configuration on, off:[JVERIFICATIONService setSecureControl: isEnable]; Parameters: isEnable: Configure whether or not to activate the security wind control,YES: On;NO: off, default YES Harmony Do not support safe wind control |
| Apply Self Start | This interface allows development control to be allowed SDK It's the first time I've started. SDK Self-starting, primarily to enable user number validation to be completed in a more timely and effective manner, helps to improve the security and user experience of applications, and developers can configure as needed | Software list information (including software list and software running list information): to enable user number validation to be completed in a more timely and effective manner, to enhance the security of applications and to protect user account security. | Android Example:JCollectionAuth. enableAutoWakeup(Context context, boolean enable); Parameters:context: applied Context; enable: Configure whether the self-starter is enabled,true: Open;false: Close, Default true iOS, Harmony Do not support self-starting applications |
SDK Profile description for optional personal information
Access description:Jiguang Security certification SDK Control of optional collection of personal information that can be accessed by developers SDK An example of the configuration of the optional personal information is configured. If you close the collection of optional information,** it will seriously affect your use Jiguang Security certification SDK The achievement and effectiveness of some of the functions will not affect the achievement of the basic functions of the one-key authentication** and the developers are requested to rationalize their configuration in the light of the actual business needs.
SDK Example of configuration of optional personal information
| Personal profile description | ||
|---|---|---|
| Type of personal information | Purpose of personal data collection | Configure Mode |
| Device InformationIMEI) | The end-user device is used to generate a dissensitized unique identifier to protect against security risks. | Android Example: JVerifyCollectControl. Builder ss=new JVerifyCollectControl. Builder(); ss. imei(boolean isEnable); JVerificationInterface. setCollectControl(Context context, ss. build()); Parameters: isEnable: Configure collection imei; true: Collection;false: Do not collect, default as true iOS, Harmony Do Not Collect imei |
| Device InformationMAC) | The end-user device is used to generate a dissensitized unique identifier to protect against security risks. | Android Example: JVerifyCollectControl. Builder ss=new JVerifyCollectControl. Builder(); ss. mac(boolean isEnable); JVerificationInterface. setCollectControl(Context context, ss. build()); Parameters: isEnable: Configure collection mac; true: Collection;false: Do not collect, default as true iOS, Harmony Do Not Collect mac |
| Device InformationIMSI) | The end-user device is used to generate a dissensitized unique identifier to protect against security risks. | Android Example: JVerifyCollectControl. Builder ss=new JVerifyCollectControl. Builder(); ss. imsi(boolean isEnable); JVerificationInterface. setCollectControl(Context context, ss. build()); Parameters: isEnable: Configure collection imsi; true: Collection;false: Do not collect, default as true iOS, Harmony Do Not Collect imsi |
| Device InformationICCID) | The end-user device is used to generate a dissensitized unique identifier to protect against security risks. | Android Example: JVerifyDevicePermissions. setIccidEnable(boolean enable); Parameters: enable: true description ICCID; false Shows that access is not allowed. Default is true Started Supported Version 3.4.2 iOS, Harmony Do Not Collect ICCID |
| Base station information,SIMCard Status | To identify vague location information, select a nearby certification service point to enhance the efficiency of certification services; and identify equipment risk levels to protect account security | Android Example: JVerifyCollectControl. Builder ss=new JVerifyCollectControl. Builder(); ss. cell(boolean isEnable); JVerificationInterface. setCollectControl(Context context, ss. build()); Parameters: isEnableConfigure whether to collect base station information;true: Collection;false: Do not collect, default as true iOS Example: JVCollectControl *control = [[JVCollectControl alloc] init]; control. cell = isEnable; [JVERIFICATIONService setCollectControl:control]; Parameters: isEnableConfigure whether to collect base station information;true: Collection;false: Do not collect, default as true and refer to SDK The configuration description of the extended business function is configured to enable both operations to be closed Harmony Do Not Collect |
| Network InformationSSID, BSSID, WiFi List Information) | It is used to analyse the level of risk of current equipment, effectively identify cheating, remove fraudulent equipment, identify malicious brushes, malware procedures, secure user accounts, etc. | Reference SDK Profile description of extended business functionality |
| Location Information | It is used to identify, inter alia, the geographical location of the group ' s attack/recognition, to protect the user ' s account, etc. | Reference SDK Profile description of extended business functionality |
| Software List Information | To enable the user ' s number validation to be completed in a more timely and effective manner, to identify the user ' s application environment and to judge what has been installed App Information to help you identify the mass automated operation of the unusual software and intercept machine programs, protect user account security, etc. | Reference SDK Profile description of extended business functionality |
SDK Frequency, precision description of personal data collection
Input statement: We will undertake the collection of user-specific information as minimally necessary to achieve business functions. I'm not sure what I'm talking about. Jiguang Security certification SDK Only data collections App Trigger when calling related functions, about frequency App The developers can't configure themselves, so we don't provide an alternative configuration, an example of the frequency; the accuracy of the collection is mainly related to location-related functions, which are controlled primarily through permission. Jiguang Security certification SDK Through Optional Permissions App It is possible to control whether or not to apply for precise or rough geographical privileges. If you need to configure your locator privileges, refer to the following ""SDK A description of the authority to apply for the system" is configured.
SDK Description of the competence of the application system
Access description:Jiguang Security certification SDK The system privileges you can choose to apply for, you can find out more about the relationship of the rights to business functions and the timing of their application by reference to the following table.
| Android Operating System Application Permission List | |||
|---|---|---|---|
| Permissions | Optional | Purpose | Timing of application |
| android. permission. INTERNET | Selected | Applications are allowed to network to access gateways and authentication servers. | Enable operations to read |
| android. permission. ACCESS_NETWORK_STATE | Selected | Allow program accessWiFiNetwork status information to detect a safe authentication environment, avoid data distribution in an abnormal network, and save traffic and electricity. | Enable operations to read |
| android. permission. ACCESS_WIFI_STATE | Selected | Get a network state, judge if you connectwifi, detect a safe authentication environment. | Enable operations to read |
| android. permission. CHANGE_NETWORK_STATE | Selected | Allows access to permissions to change the network connection status for a user phone number and secure authentication. | Enable operations to read |
| android. permission. READ_PHONE_STATE | Optional | Get cell phone status parameters, assistive generation Jiguang Unique Device ID | Enable operations to read |
| android. permission. CHANGE_WIFI_STATE | Optional | Allow access program changesWIFIChina Unicomion status to access user cell phone numbers and secure authentication. | Enable operations to read |
| android. permission. ACCESS_COARSE_LOCATION | Optional | By obtaining rough location information, developers are provided with anti-deception functionality to remove cheating equipment | Use when using safe wind control |
| android. permission. ACCESS_FINE_LOCATION | Optional | Providing anti-fraud features to developers by obtaining accurate location information and removing cheating devices | Use when using safe wind control |
| android. permission. ACCESS_BACKGROUND_LOCATION | Optional | By obtaining location information, make anti-fraud features available to developers and remove cheating devices | Use when using safe wind control |
| iOS Operating System Application Permission List | |||
|---|---|---|---|
| Permissions | Optional | Purpose | Timing of application |
| Network access rights | Selected | Allow SDK Networking and data reporting, achieved SDK Authority on which business functions are based | Enable operations to read (the system automatically applies for bullet windows when there is a network, no code required) |
| Positioning Permissions | Optional | It is used to obtain location information and to remove cheating devices. | Use when using safe wind control |
| IDFA | Optional | idfa Package used for the sole identifier of the equipment Symbol | Enable operations to read |
| Harmony Operating System Application Permission List | |||
|---|---|---|---|
| Permissions | Optional | Purpose | Timing of application |
| ohos. permission. INTERNET | Selected | Access Network | Enable operations to read |
| ohos. permission. GET_NETWORK_INFO | Selected | Get Network Status | Enable operations to read |
| ohos. permission. GET_WIFI_INFO | Selected | Access wifi Information | Enable operations to read |
| ohos. permission. SET_NETWORK_INFO | Selected | Allow application of configuration data networks | Enable operations to read |
Android Select Rights
- The following are the mandatory permissions, which must be configured to meet basic authentication functionality
<!-- 网络权限, 用于访问网关和认证服务器(必选)-->
<uses-permission android:name="android. permission. INTERNET" />
<!-- 允许程序访问WiFi网络状态信息, 用于检测安全认证环境, 在网络异常状态下避免数据发送, 节省流量和电量(必选)-->
<uses-permission android:name="android. permission. ACCESS_NETWORK_STATE"/>
<!-- 获取网络状态, 判断是否连接wifi, 检测安全认证环境(必选)-->
<uses-permission android:name="android. permission. ACCESS_WIFI_STATE" />
<!-- 允许获取程序改变网络连接状态的权限, 用于获取用户手机号, 实现安全认证功能(必选)-->
<uses-permission android:name="android. permission. CHANGE_NETWORK_STATE" />
Android Optional Rights
- By obtaining location information, providing anti-fraud function for developers, removing cheating devices, and suggesting the following privileges for integration (optional)
<uses-permission android:name="android. permission. ACCESS_COARSE_LOCATION" />
<uses-permission android:name="android. permission. ACCESS_FINE_LOCATION" />
<uses-permission android:name="android. permission. ACCESS_BACKGROUND_LOCATION" />
- Allows access to permissions to change the network connection status for a user phone number and secure authentication. (optional)
<uses-permission android:name="android. permission. CHANGE_NETWORK_STATE" />
- To identify the only user, ensure effective identification with one-key authentication, respond quickly and enhance our anti-fraud capabilities, and recommend the following privileges for integration (optional)
<uses-permission android:name="android. permission. READ_PHONE_STATE" />
<uses-permission android:name="android. permission. ACCESS_WIFI_STATE" />
<!-- 允许程序对外部存储进行读写操作 -->
<uses-permission android:name="android. permission. WRITE_EXTERNAL_STORAGE" />
<!-- 允许程序对外部存储进行读操作 -->
<uses-permission android:name="android. permission. READ_EXTERNAL_STORAGE" />
iOS Optional Rights
NSLocationWhenInUseUsageDescription // 访问位置信息
NSLocationAlwaysAndWhenInUseUsageDescription // 访问位置信息
NSUserTrackingUsageDescription //idfa 包使用
Harmony Select Rights
The following are the mandatory permissions, which must be configured to meet basic authentication functionality
"requestPermissions": [
{
"name": "ohos. permission. INTERNET" //访问网络
},
{
"name": "ohos. permission. GET_NETWORK_INFO" // 获取网络状态
},
{
"name": "ohos. permission. GET_WIFI_INFO" //获取wifi信息
},
{
"name": "ohos. permission. SET_NETWORK_INFO" // 允许应用配置数据网络
},
],
SDK Privacy policy disclosure requirements and examples
Input: Developer in App Integration Jiguang Security certification SDK After that,Jiguang Security certification SDK The proper operation of the system gathers the necessary end-user information for one-key authentication, safe wind control, and self-starting services. Please developer based on integration Jiguang Security certification SDK ♪ The truth in you ♪ App In the privacy policy, yes. Jiguang Security certification SDK The name, the name of the company, the type and purpose of processing personal information, the method of collection, the privacy policy link, etc. are disclosed. ** Suggestion: Confirm what you access Jiguang Security certification SDK Versions and functional modules, defined from privacy policy Jiguang Security certification SDK interactive data content;in you App in the privacy policy, in the form of words or lists to the public Pea. Lou. Jiguang Security certification SDK and related information. **
Specific disclosure (for information only, please refer to actual cooperation):
SDK Name:Jiguang Security certification SDK
** Third-party subject: Shenzhen City and Tsawa Valley Information Technology Ltd.
** The purpose of the cooperation is: App Users provide one-key validation, safe wind control and self-start services
** Types and uses of processing of personal information**: equipment information, network information: necessary personal information: equipment identifier (including IDFA, Android ID, GAID, OAID, UAID, Boot id), equipment hardware information (including equipment model, equipment screen resolution, equipment hardware manufacturer, equipment product name, equipment storage space), operating system information (including operating system version, system name, system language), network information (including network type,carriersName, IP address,DHCP, WIFI Status information,** mobile phone number**; optional personal information: device identifier ()IMEI, MAC, IMSI, ICCID) Base station information,SIM Card status: Effective identification equipment, r APId response to certification needs to provide efficient, stable, fluid one-key certification services and generate the only Jiguang Device identifier. Network information (including network type,carriersName, base information, IP address,WiFi Status Information,WiFi List Information,SSID, BSSID** Location-related information , software list information (including software list and software running list information): information necessary for the security wind-control extension to analyse the current equipment ' s risk level and application environment, to effectively identify cheating, remove cheating equipment, identify malicious brushes, malicious programs, protect user account security, etc. Software list information (including software list and software running list information): Apply the information necessary for self-starting the extension of business functionality to allow user number validation to be completed in a more timely and effective manner, and improve the security of applications and protect user account security.
** Data processing: through de-marking, encrypted transmission and other secure means
Official link:https://www.jiguang.cn
** Privacy policy link**:https://www.jiguang.cn/license/privacy
Description and examples of end-user consent
Access description:App Private bullet windows should be available for the first run, with a short version of privacy policy content and a full version of privacy policy links to the privacy window and a clear indication to end-users to read and choose whether to agree to privacy policy; and private bullet windows should provide a consent button and a refusal button and be chosen by end-users at their own initiative. If sensitive personal information is involved, the consent of your end-user should be obtained on an individual basis. The end-user ' s authorization can be obtained in the form of a stand-alone bullet window, and in your Privacy Policy, the sensitive personal information will be displayed in bold fonts or other prominent markings.
Examples of privacy policy authorizations:
Example of authorized bullet windows for sensitive personal information:
** Example of privacy policy disclosure of sensitive personal information: "** Precision location information**: group attacks for the identification of equipment anomalies, etc. / identification of geographical location for forgery, security of user accounts, etc.".
Statement of rights exercised by end-users
Input: Developer in App Medium Integration Jiguang Security certification SDK After that,Jiguang Security certification SDK The normal operation collects the necessary end-user information for a one-key login or extension function. The developer shall, in accordance with the relevant laws and regulations, provide the end-user with a path or function to exercise the rights of the subject of personal information, if Jiguang Security certification SDK Please cooperate. Jiguang company liaises in a timely manner, and we will work with developers to properly address end-user claims.
SDK Business function call times
Access description: Please consent to you at user level App After the privacy policy in progress Jiguang Security certification SDK Business functionality interface calls. Avoid dynamic applications for sensitive equipment privileges related to the user's personal information until the user agrees to the privacy policy.
SDK Security authentication business functionality enabled
(1) You are in progress Jiguang Security certification SDK After initialization, call SDK Business functionality interfaces, such as one key login of business functionality interfacesAndroid: JVerificationInterface. preLogin(Context context, int timeOut, PreLoginListener listener); iOS: (void)preLogin:(NSTimeInterval)timeout completion:(void (^)(NSDictionary *result))completion); Harmony:JVerificationInterface. init(appkey:string, callback:JVInitCallback) is deemed to be enabled by your consent SDK Business function. We'll start collecting reports. Jiguang Security certification SDK The user profile for the business function; if you refuse to call, this may affect your use Jiguang Security certification SDK Effectiveness of related business functions.
(2) Security certification cannot be called if the user has not authorized or agreed to your Privacy Policy SDK Business function-related interface (one key login/number authentication, etc.).
(3) Once App Lack of user authorization for Privacy Policy, follow-up App Cold start. Developers should be sure to call security clearance. SDK Initialise Interface JVerificationInterface. init() No other security certification may be called before SDK Operational functionality interface.
Calls for relevant interfaces for compliance
- Before users agree to privacy provisions:
- If the user has not agreed to the privacy clause, the call must be made JCollectionAuth. setAuth(context, false) to inform SDK Not initialized.
- (**JCore 5.0.4 The above version no longer requires a call setAuth(context, false) but there is still a need to ensure that no calls are made until the user agrees SDK Interface. **
- Do Not Call Jiguang SDK Any interface. Including JVerificationInterface, JCoreInterface, JCollectionAuthtype.
- After the user agrees to the privacy clause:
- If the user has agreed to the privacy clause, or if the user has triggered the consent operation, the call must be made JCollectionAuth. setAuth(context, true).
- If not called setAuth(context, false♪ For example ♪ JCore 5.0.4 No visible settings in later versions false, no additional call required setAuth(context, true), SDK Automatically handles authorized status.
For example:
// 调整点一: 调用初始化代码前增加setAuth调用
boolean isPrivacyReady; // app根据是否已弹窗获取隐私授权来赋值
if(!isPrivacyReady){
// JCore 5.0.4之前版本需要显式设置false
if (JCoreInterface. getJCore SDKVersionInt() < 504) { // 5.0.4版本号对应504
JCollectionAuth. setAuth(context, false);
}
// 所有版本在未授权时都不应初始化SDK
return;
}
// 初始化
JVerificationInterface. init();
// 调整点二: 隐私政策授权获取成功后调用
// JCore 5.0.4+会自动处理授权状态, 可不需要显式设置true
JCollectionAuth. setAuth(context, true);
Third-party privacy policy disclosure reference
Jiguang Security certification SDK And it's a third party. SDK, please add to the Privacy Policy for third parties SDK For the privacy policy statement, see:
Number authentication SDK
** Type of personal information processed**: Network type, Internet address (IP address),carriersType, local number information,SIM Card status, type of cell phone device, cell phone operating system, hardware manufacturer,OAID
** Purpose and purpose**: fast-track login/number verification, question queries, analysis, risk control
** Information processing**:SDK Self-collection
** Third party subject**: Central Migration Internet Ltd.
** Privacy policy**https://wap.cmpassport.com/resources/html/contract2.html
China Unicomion authentication SDK
** Types of personal information processed**: equipment system version, cell phone model, preferred card, IP address, cell phone number
** Purpose and uses**: fast login/business style for user recognition
** Information processing**:SDK Self-collection
** Third party subject**: China Union Network Communications Ltd.
** Privacy policy**https://msv6.wosms.cn/html/oauth/protocol2.html
Sky Wing Account Authentication SDK
** Type of personal information processed**: International mobile user identifier (optional)V3.8.10 Version removed above, application process information, registered mobile phone number, own number, type of network connection, network status information, address,carriersType of cell phone equipment, mobile phone equipment manufacturer, mobile phone operating system type and version
** Purpose and use**: fast-track login/number check and business style control for user identification
** Information processing**:SDK Self-collection
** Third-party subject**: Sky Wing Digital Life Technology Ltd.
** Privacy policy**https://e.189.cn/sdk/agreement/show.do?order=2&type=main&appKey=&hidetop=&isShowPre=&returnUrl=https%3A%2F%2Fe.189.cn
Volcanic engines API
** Type of personal information processed**: mobile phone number, IP
** Purpose and purpose**: provision of end-user risk identification services
** Third-party subject**: Beijing Volcanic Engine Technology Ltd.
** Disposition**:API Interface
** Privacy policy**https://www.volcengine.com/docs/6504/166009
Machinecard Consistency Validation (default does not provide this feature, if required by the developer, to contact Jiguang(Corporate technical support)
** Type of personal information processed**: Network type, Internet address (IP address),carriersType, local number information,SIMCard status, type of cell phone equipment, cell phone operating system, hardware plant Business
** Purpose and use**: machine card consistency check, question queries, analysis, risk control
** Information processing**:SDKSelf-collection
** Third party subject**: Central Migration Internet Ltd.
** Privacy policy**https://wap.cmpassport.com/resources/html/cscContract2.html
** Please note that third parties SDK Please note that the processing of information may change due to, for example, the upgrade of the version. **
Privacy protection mechanisms
If you're right,Jiguang Security certification SDK Any doubts, observations and recommendations, or because of need Jiguang To assist in the closure of a certain capacity, we can be contacted by means of:
- E-mail:support@jiguang. cn
- Telephone:400-888-2376
- Contact: 12 A floors of Shenzhen Bay Science and Technology Ecological Park, at the intersection of Whitestone Road and the Western Road in the High South Side Street of Shenzhen City
You can also visit at any time.Jiguang network of officialsTheonlinecustomerservicesystem is in touch, and we will provide you with advice and services in a timely manner to ensure the implementation and enforcement of privacy protection mechanisms.
