National Information Security Standardization Technical Committee, Information Security Technology - Guidelines for the Security Management of Mobile Internet Applications (App) Throughout Their Lifecycles (Draft for Comments)

Issued: February 8, 2022

Main contents: The Guidelines set forth guiding opinions on the security requirements, security recommendations, security management, etc. for the lifecycle of apps. The lifecycle of an app mainly includes seven stages: requirement analysis stage, development and design stage, testing and verification stage, uploading to store and release stage, installation and running stage, updating and maintenance stage and end of operation stage.

In the lifecycle of an app, different management or technical activities are carried out at each stage to address various risks that could arise to reduce the possibility of risks arising.  The process of monitoring and dealing with risks involves the collection of data on acts during certain stages of the lifecycle and conducting risk analysis in respect of such data and feature operation so as to determine whether the app poses risks of infringing the rights and interests of users and ultimately dealing with the risks and reducing the possibility of a notice being circulated about the app or the app being removed from the store. By taking measures, the leakage of information from security vulnerabilities can be guarded against and the dissemination of information on security vulnerabilities and the damage arisen therefrom can be prevented, thereby reducing the possibility that the security vulnerabilities faced by the App can be exploited.