Fenniushi reported that on July 7, we learned from Ant Group’s consumer protection special project " Ant 315" that in order to continue to strengthen the protection of personal information, Alipay , a subsidiary of Ant Group, has been asked to update the SDK privacy policy. Further disclose in detail the list of personal information that Alipay needs to call when third-party apps implement four functions, including "pay with Alipay" and "quickly log in with Alipay account", to better protect developers and users' right to know. Currently, developers and users can view this privacy policy on the Alipay open platform.
It is reported that Alipay provides developers with four SDKs, namely "App Payment" SDK, "App Alipay Login" SDK, "Alipay" SDK, and "Authentication" SDK. With the help of these four SDKs, other apps can provide users with the functions of paying with Alipay, quickly logging in with an Alipay account, converting picture web pages to Alipay, and integrating Alipay real-person authentication capabilities. The updated Alipay SDK privacy policy of
discloses in detail the circumstances under which the four SDKs call information and a specific list of the calling information. It also distinguishes the corresponding calling situations and uses under iOS and Android systems. Taking the "APP Payment" SDK as an example, it is clear that commonly used device information and network information are only retrieved when initiating payment, which is used for security risk control during account login and payment processes.
In addition, the updated privacy policy also provides a more complete introduction to how each SDK stores information.
In order to ensure service stability and facilitate the implementation of related functions, SDK is a common tool used by Internet companies to assist APP development. SDK governance is also the focus of promoting APP special governance work and Internet enterprise APP compliance.
The relevant person in charge of "Ant 315" said that at the end of last year, Ant Group had established a special SDK governance project. On the one hand, it attaches great importance to the specifications of self-developed SDKs and implements dual methods of automatic scanning and manual detection of self-developed SDKs to ensure that there are no high-frequency Claims for rights, background rights claims and other behaviors, and regularly invites external testing agencies to conduct testing. On the other hand, SDKs developed by third parties on the platform are subject to full-process risk monitoring. Code scanning is required before going online. After going online, the platform will also monitor in real time whether there are any risks of abnormal personal sensitive permissions. If potential risks are found, information will be blocked. transfer.
Since the beginning of last year, Ant Group has launched the consumer rights protection special action "Ant 315". Continuously strengthening the protection of personal information is one of its priorities. In the past year, a streamlined version of Alipay’s privacy policy has been launched, and a list of third-party SDKs connected to Alipay has been announced.
