HMS Achieves Multiple SOC Privacy and Security Certifications from AIPCA - Huawei Developers

Huawei is dedicated to providing industry-leading privacy and security, and regard these features as key tenets of the overall user experience regardless of device categories. As a testament to its effort, AppGallery Connect, Huawei’s developer platform, has recently achieved four new international privacy and security accreditations from the American Institute of Certified Public Accountants (AICPA).
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
As of today, AppGallery Connect has passed the following AICPA Service Organization Control (SOC) audits – SOC 1 Type 2, SOC 2 Type 1, SOC 2 Type 2, and SOC 3. These certifications prove that AppGallery Connect's information security management is up to international standards and is capable of providing developers with world-class security and privacy protection services.
The SOC reports have become a globally recognised data security audit standard thanks to its rigour and transparency. The audit reports provide a comprehensive evaluation of the company’s internal controls in areas relevant to security and privacy, and are then verified as well as issued by a professional third-party accounting firm in accordance with relevant guidelines of the AICPA.
The SOC 1 Type 2 report is based on AT-C section 320 in the Statement on Standards for Attestation Engagements (SSAE) No.18. It indicates that AppGallery Connect has set proper security control objectives, provides proper measures accordingly, and ensures effective execution of the set measures.
Similarly, SOC 2 Type 1, SOC 2 Type 2, and SOC 3 reports are based on AT-C section 205 in SSAE No. 18 and 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy (TCP section 100). Of which, the successful completion of SOC 2 Type 1 report proves that AppGallery Connect services have appropriate security, availability, confidentiality, and privacy principles, while the SOC 2 Type 2 and SOC 3 reports cover the appropriateness and effectiveness related to these principles.
Huawei offers unwavering commitment to protecting users privacy and security​The Huawei Mobile Services (HMS) is an aggregation of HMS Core capabilities, including a full portfolio of safe and secure HMS Apps, HMS Connect, and corresponding IDE tools for development and testing.
More notably, HMS is based on five security technologies – including identity authentication, data security and privacy protection, content protection, application security, and service risk control – to ensure users’ privacy and security are protected in a comprehensive end-to-end manner.
HMS has obtained privacy and security certifications in various fields that are recognised globally. These include ISO/IEC 27001 and CSA STAR certifications in the security field, PCI DSS certifications in the mobile payment field, and FIDO certifications in the identity authentication field. This is on top of the ISO/IEC 27701, and ISO/IEC 27018 certifications that Huawei has achieved in the privacy field. These accreditations are a standing testament to the standard of HMS’ security and privacy processes.
Looking ahead, Huawei will continue to invest in user data privacy protection and prioritise cybersecurity and privacy for every product and service. This is to realise the company’s vision of building a secure and reliable digital environment for global Huawei users.
For more information, please visit https://consumer.huawei.com/en/privacy/
You may also read the latest Security Technical White Paper from HMS here:https://consumer-img.huawei.com/con...(hms)-security-technical-white-paper-v1.0.pdf.

Related

Safety Detect Ensures App Security to Be Accessible

From ride-hailing, navigation and mobile travel
To gaming, streaming, and social media
Mobile apps have become indispensable in daily life
But increased convenience puts sensitive user data at risk
HMS Core Safety Detect offers unique protections
For comprehensive app security with little effort!​
What Is Safety Detect?
Safety Detect is an open multi-dimensional security detection service offered by Huawei, that helps developers bolster app security capabilities, based on the Trusted Execution Environment (TEE) on Huawei phones, without compromising user experience.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
System Integrity Check (SysIntegrity)
SysIntegrity is capable of checking whether the user device is rooted, unlocked, or escalated for higher permissions, and uses this information to help you determine how and when to restrict your app's behavior to avoid potential leaking of sensitive user information or financial information.
A unique advantage of SysIntegrity is that it is based on the TEE OS, which is built into every Huawei phone (running EMUI 9.0 or later). The TEE OS comes with Huawei's in-house microkernel, which has achieved the prestigious CC EAL 5+ certification, and is the first solution of its kind to pass formal verification. Having integrated SysIntegrity, it can isolate apps for bolstered protection, and provide independent privacy security protection services. For example, services with high security requirements, such as the payment services, are provided with the appropriate level of protection in the TEE OS.
App Security Check (AppsCheck)
When your app has integrated AppsCheck, it can obtain a list of malicious apps on the user's device, which provides a strong basis for high-level risk analysis (for risky/virus-infected apps). Users are then warned of the presence of any risks on your app, or prompted to exit your app. According to the three largest global virus evaluation agencies, AppsCheck can detect malicious apps with a staggering accuracy rate of 99%.
Malicious URL Check (URLCheck)
With URLCheck, your app can determine whether a visited URL contains phishing or malware apps. The check strikes the optimal balance between performance and timeliness, and is capable of detecting a wide range of malicious URLs, such as phishing and Trojan-infested URLs. URLCheck is easy to integrate into your app, and provides trusted, operation-free security services, reducing the costs associated with developing secure browsing services.
Fake User Detection (UserDetect)
Fake user detection is critical for app operations, as the presence of fake operations such as game bots, activity bonus hunting, and malicious spamming, can give your app a bad reputation. UserDetect can identify spoofed devices, based on the device signature and identifier, and identity relevant environmental risks, such as roots, simulators, VMs, device change tools, and anonymous IP addresses. It can also recognize fake users based on screen touch and sensor behavior, as well as prevent batch registration, credential stuffing attacks, bonus hunting, and content crawlers. These safeguards provide your app's users with unmatched peace of mind.
Many popular apps have integrated Safety Detect, such as the app for International News Agency and Radio Sputnik, APUS, a popular browser in India and Southeast Asia, and 1998 Camera in Vietnam.
How Can I Integrate HUAWEI Safety Detect?
Each of the four functions in Safety Detect has a dedicated API that is easy to integrate. For guidance during the integration process, please refer to the HUAWEI Developers website, where you will find the integration guide and other resources for reference, or acquire your answers from HUAWEI Developer Forum.
* HMS Core 4.0 courses produced by HUAWEI Developers are now available on Huawei official channels, including Video Center on HUAWEI Developers.

CardsMobile Works with Safety Detect to Create New Integrated Payment Experience in r

Konstantin Stepanenko, Chief Product Officer at the Russian company CardsMobile, shared with developers the success story of CardsMobile's leading wallet app Koshelek which cooperates with Huawei's HMS ecosystem. By integrating the open capabilities of Huawei's HMS Core, Koshelek's e-payment efficiency is greatly improved and payment security is ensured.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Digitalization of Cards with Koshelek
Back in 2013, CardsMobile launched its first Near Field Communication (NFC) payment project. Today, Koshelek has established partnerships with most top retailers in Russia and can now digitalize physical cards that have already been issued and directly issue new virtual mobile cards within the app. For newly issued in-app cards, Koshelek can also aggregate various account details provided by partners, such as the reward balance and personal discounts.
In order to support bank cards in Koshelek, CardsMobile teamed up with Mastercard and Visa's international payment systems, and received an international license to manage tokenization and transactions for cards of any banks connected via Mastercard MDES and Visa VTS. Konstantin, Chief Product Officer at CardsMobile and the developer of Koshelek, attributed the seamless and smooth payment services on new Huawei smartphones to HMS.
The premium payment experience brought by the cooperation with Huawei HMS has instilled confidence in CardsMobile's further development. As part of its plan to deepen the integration with HMS Core, Konstantin said that CardsMobile has aimed to create a unified payment experience on Huawei smartphones using HUAWEI IDs. Meanwhile, CardsMobile has devoted itself to explore different ways to implement its payment platform on Huawei smartphones and Huawei's other smart devices.
HUAWEI Safety Detect Service Protects User Data
Koshelek allows users to digitalize and store their wallets and personal cards in the app, which involves security issues of sensitive user data in the industry.
Koshelek creates a separate user profile for each user to store user information. In this way, users won't need to enter their information twice, which improves the card issuance efficiency. Koshelek also generates a dynamic bar code based on the algorithm provided by a partner retailer, which many retailers use to authenticate loyalty members.
To prevent security risks caused by attacks on user information and credentials, CardsMobile makes HUAWEI Safety Detect an important element of mobile app operations, which is an effective way of detecting interference.
For example, when a user uses an electronic credit card account such as Visa or MasterCard in Koshelek, the user will need to enter a card verification code (CVC) to check the system environment safety of the device. If Koshelek's safety detection system which integrates HUAWEI Safety Detect indicates that the device system environment fails the SysIntegrity detection, Koshelek will not allow the user to use the app on that device so as to ensure transaction security.
In addition to the SysIntegrity detection, HUAWEI Safety Detect also provides fake user detection (UserDetect), app security check (AppsCheck), malicious URL check (URLCheck), and malicious Wi-Fi detection (WifiDetect) functions to quickly determine whether the device system has been maliciously attacked, rooted, or unlocked. In this way, users can be informed of risks or have their behavior restricted so as to protect user privacy and fund security.
Nikolay finished by thanking Huawei for providing high-quality functions and services via the HMS ecosystem. "We thank Huawei for providing new opportunities for developers. It was the introduction of the Safety Detect service that enabled our company to develop a technical solution able to satisfy all the international payment systems' requirements and to provide resources for all Russian users of new Huawei devices to tokenize bank cards and conduct contactless NFC payments."
Future: dedicated to providing globally unparalleled payment services
CardsMobile aims to provide users with globally unparalleled payment services through in-depth cooperation with HMS, and to lead the industry and market in terms of security, service quality, and convenience.

Codelabs Competitions at HDC 2020 (Together) Give a Sneak Peek for Safety Detect

A series of Codelabs challenge competitions in the Codelabs exhibition area at the HUAWEI DEVELOPER CONFERENCE 2020 (Together), which took place from September 10 to 12 at Songshan Lake in Dongguan, proved to be a hit among developers in attendance. Nearly 1,000 developers participated in the Codelabs activities and came away highly impressed with the programming experience.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Developers in the Codelabs exhibition area​
Social Coding: Difficult, but Fun and Rewarding
Huawei Codelabs serve as training camps for developers who hope to hone their coding skills. This year's sessions drew hundreds of developers, from novices to veteran coders, providing them with a unique opportunity to experience the full range of open capabilities offered by Huawei Mobile Services (HMS), with technical experts from Huawei on hand to offer assistance.
In the exhibition area, developers were presented with three separate competition types (related to AI, HMS Core basic capabilities, and HarmanoyOS respectively), each of which challenged and engaged them in distinct ways. During the competitions, on-site staff and technical experts provided participants with professional-level guidance, for a hands-on coding experience, helping them quickly grasp how to access capabilities opened up to devices.
Huawei staff in the Codelabs exhibition area​
The competition testing the HMS Core basic capabilities was open to junior and intermediate developers, and ultimately attracted the largest crowd. The security capability, one of the key capabilities provided by HMS Core, has seen some of its kits integrated into a range of apps that have proven indispensable in daily life, such as those related to financing, news and reading, and online shopping.
Safety Detect Cracks the Top 10 Most Attractive Open Capability List
Safety Detect, one of the main open security capabilities offered by HMS Core, detects five common security issues, which are: threats to system integrity, fake users, app security, malicious URLs, and malicious Wi-Fi networks.
System integrity detection determines whether the device environment is secure; the fake user detection judges if the current interactive user of the app is genuine; the app security detection enables developers to obtain a comprehensive list of malicious apps; the malicious URL detection clarifies the threat type corresponding to specific URLs; and the malicious Wi-Fi detection checks the security of the Wi-Fi network that the device is connected with.
Developers integrating Safety Detect in the Codelabs exhibition area​
According to a post-event survey, participants included a significant number of developers who had already integrated HMS kits and Safety Detect ranked among the top 10 most integrated kits. Developers in attendance expressed an eager willingness to integrate the open capabilities of Safety Detect into their apps. Besides, Safety Detect also made it to the top 10 kits that developers showed greater willingness to integrate into their apps.
HMS Core security services exhibition area
Following the conclusion of the competitions in the Codelabs area, developers went to the adjacent HMS Core security services exhibition area, where security service vendors and financial payment app vendors dialogued with Huawei technical experts. Interactive demonstrations, such as immersive one-minute animations, provided attendees with a firsthand look at the HMS security ecosystem. The informal, face-to-face format of the event, also provided them with a chance to exchange ideas about app security technologies.
HMS Core security capabilities showcase in the security services exhibition area​
During the event, an exhibitor opened foreign apps installed on the test mobiles to offer a direct side-by-side comparison for the effects of Huawei security services on secure and un-secure devices, showcasing the robust safeguards in place. Enterprise developers were among those who came away impressed, noting that they planned to work more closely with Huawei in the near future to bolster the security of their apps released outside of the Chinese mainland.
For more details, you can go to:
Official website
Development Documentation page, to find the documents you need
Reddit to join developer discussion
GitHub to download demos and sample codes
Stack Overflow to solve any integration problems

[Integration Guide] HUAWEI Account Kit Overview

About HUAWEI Account Kit​HUAWEI ID is the credential that provides users with access to a wide range of Huawei services, such as Huawei cloud services. As a fundamental development service offered by HMS Core, Account Kit provides you with simple, secure and quick sign-in and authorization functions. Rather than needing to repeatedly enter account and password information, and then wait for authentication, users can simply tap the Sign in with HUAWEI ID button to sign in directly to your app via their HUAWEI IDs.
Advantages​Authorized Sign-in for All Scenarios​Account Kit enables the user to be authorized to sign in to your app through a HUAWEI ID, sparing them from having to enter personal information, setting passwords, and waiting to have the information verified by email or SMS message. Once authorization has been completed, no sign-in authorization screen will be displayed when the user signs in to your app again, greatly reducing the user churn rate during registration and sign-in.
In addition, Account Kit supports seamless sign-in switching between different devices, including mobile phones, tablets, Vision, head units, and watches. This helps you better present your product and services on Huawei devices across all scenarios.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
A Global HUAWEI ID User Base​Account Kit enjoys a truly global reach, serving more than 190 countries and regions, and coming supported in 70+ languages. By integrating the service into your app, you'll benefit from access to a vast number of new potential users, and be equipped to expand your presence in new markets.
Secure and Reliable Services​Account Kit complies with prestigious international protocols, including OAuth 2.0 and OpenID Connect, and enables users to complete sign-in via a password and verification code, with the data encrypted, as well as offers an RISC-based cross-account protection function. This rigorous framework helps ensure that Account Kit meets relevant user privacy regulations around the world, and when coupled with HUAWEI ID sign-in, frees you from the hassle of managing user account data.
HUAWEI ID has obtained the EuroPriSe certification.​
A Convenient and Cohesive Solution​The development guide, sample code, and integration tool for Account Kit are continually being optimized to reduce integration costs.
Quick integration on the client: You can use HMS Toolkit to download the demo, check development environment configuration, and drag and drop the required code to complete integration in half a working day.
Quick integration on the server: You can reference both the Java and PHP sample code.
Account Kit allows you to connect to the Huawei ecosystem using your HUAWEI ID from a range of different devices, including mobile phones, tablets, and Vision.
Account Kit offers simple, secure and quick sign-in and authorization functions. In addition, it leverages the reach of its vast user base and all-scenario ecosystem, to provide you with direct access to new users in new markets.
We will continue to optimize Account Kit to help you achieve your business goals, and hope you'll enjoy access to such a broad range of game-changing services.
Use a browser to scan the QR code below to try the demo app:
(Note: The app may collect relevant information for user statistics.)
For more information about Account Kit, please visit:
Development guide
Codelab
Video course
For more details, you can go to:
l Our official website
l Our Development Documentation page, to find the documents you need
l Reddit to join our developer discussion
l GitHub to download demos and sample codes
l Stack Overflow to solve any integration problems

KBZPay Delivers Exceptional UX and Security with Liveness Detection of HMS Core ML Kit

KBZPay is Myanmar's fastest growing mobile wallet app, enabling millions of people to store, transfer, and spend money directly from their smartphones. KBZPay is powered by KBZ Bank, a bank with a 40% market share in the domestic retail and commercial banking sectors. Moving into the digital age, KBZ Bank has worked with Huawei for years to build digital financial infrastructure and services for its users nationwide.
The Challenges
Mobile banking is balanced on three main demands: performance, convenience, and security. To move with future trends, KBZPay wants to provide the ultimate user experience built on trust and loyalty. This app is dedicated to delivering convenience to users, and ensuring that users know their private financial information is secure.
Specifically, users want hardened security for services like changing PIN or applying for a loan, and a streamlined process for verification, which was inconvenient. In most cases, users needed to call or even go to their bank in person for account verification.
In addition, KBZ Bank wanted to better leverage its internal resources, preventing them from being restrained by any limits.
Why HMS Core ML Kit
To improve their product portfolio, KBZPay browsed the offerings on HMS Core ML Kit, a toolkit with various machine learning capabilities. KBZPay settled on the liveness detection function, which captures and verifies user face data to determine whether a face is real or is a fake.
This function offers a range of features, including:
● Accurate verification: During the testing and implementation phases, liveness detection proved to be 99% accurate in identifying and verifying faces, helping to protect user accounts.
● Integrate once, use everywhere: Liveness detection enables users to change pins and passwords without calling or visiting KBZ Bank, ensuring higher UX.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
The Benefits
The liveness detection function makes verification much easier, allowing users to complete verification swiftly. KBZPay users can now verify their identity anywhere, anytime through the app which is secure against fake face attacks and does not require the user to take additional actions.
This cooperation between KBZPay and Huawei signals the first banking app in Myanmar to implement liveness detection from ML Kit. Looking forward, KBZPay plans to work with Huawei into other key scenarios, like login and loan applications.
Discover more Developer Stories and how you can grow with Huawei.
Explore more opportunities with Huawei at our Ecosystem Partners Website.

Categories

Resources