| Standard ID | Contents [version] | USD | Delivery | Standard Title (Description) | Status |
|---|---|---|---|---|---|
| GB/T 43435-2023 | English | 349 | 4 days [Need to translate] | Information security technology - Security requirements for software development kit (SDK) in mobile internet applications (App) | Valid |
Basic data

| Field | Value |
|---|---|
| Standard ID | GB/T 43435-2023 (GB/T43435-2023) |
| Description (Translated English) | Information security technology - Security requirements for software development kit (SDK) in mobile internet applications (App) |
| Sector / Industry | National Standard (Recommended) |
| Classification of Chinese Standard | L80 |
| Classification of International Standard | 35.030 |
| Word Count Estimation | 17,192 |
| Date of Issue | 2023-11-27 |
| Date of Implementation | 2024-06-01 |
| Issuing agency(ies) | State Administration for Market Regulation, China National Standardization Administration |
GB/T 43435-2023: Information security technology - Security requirements for software development kit (SDK) in mobile internet applications (App)
Note: This is a DRAFT version for illustration, not a final translation. The full copy of the true-PDF in English (including equations, symbols, images, flow charts, tables and figures) is translated manually upon order.
ICS 35.030
CCS L80
National Standard of the People's Republic of China
Information Security Technology Mobile Internet Application (App)
Software Development Kit (SDK) Security Requirements
Issued on 2023-11-27
Implemented on 2024-06-01
Issued by the State Administration for Market Regulation and the National Standardization Administration Committee
Table of contents
Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Overview
4.1 SDK usage scenarios
4.2 SDK security risks
5 Security requirements for SDK design, development, release, operation, termination of operation and other stages
5.1 Design
5.2 Development
5.3 Release
5.4 Operation
5.5 Termination of operation
6 SDK personal information processing security requirements
6.1 Collection of personal information
6.2 Storage of personal information
6.3 Use and processing of personal information
6.4 Transfer of personal information
6.5 Provision of personal information
6.6 Disclosure of personal information
6.7 Deletion of personal information
Appendix A (informative) Common SDK service types
Appendix B (informative) Common SDK security vulnerabilities
Appendix C (informative) Common SDK malicious behaviors
Appendix D (informative) Common security issues in SDK handling of personal information
Foreword
This document is drafted in accordance with the provisions of GB/T 1.1-2020 "Standardization Work Guidelines Part 1: Structure and Drafting Rules of Standardization Documents".
Please note that some content in this document may be subject to patents. The publisher of this document assumes no responsibility for identifying patents.
This document is proposed and coordinated by the National Information Security Standardization Technical Committee (SAC/TC260).
This document was drafted by: Daily Interactive Co., Ltd., China Electronics Technology Standardization Institute, China Network Security Review Technology and Certification Center, China Academy of Information and Communications Technology, Beijing Baidu Network Technology Co., Ltd., Anhui Engineering University, Ant Technology Group Co., Ltd., Huawei Technologies Co., Ltd., First Research Institute of the Ministry of Public Security, National Computer Virus Emergency Response Center, AutoNavi Software Co., Ltd., Beijing Express Hand Technology Co., Ltd., Rock Jiahua Technology Group Co., Ltd., Honor Terminal Co., Ltd., Umeng Tongxin (Beijing) Technology Co., Ltd., The Third Research Institute of the Ministry of Public Security, National Information Technology Security Research Center, National Computer Network Emergency Response Technology Coordination Center, Zhejiang Province Big Data Joint Computing Center Co., Ltd., Beijing Qihu Technology Co., Ltd., Beijing Xiaoju Technology Co., Ltd., Xiaomi Communication Technology Co., Ltd., OPPO Guangdong Mobile Communications Co., Ltd., Alibaba (Beijing) Software Services Co., Ltd., Beijing Douyin Information Services Co., Ltd., Miaozhen Information Technology Co., Ltd., Shanghai Zhaoyan Network Technology Co., Ltd., Hangzhou Yunshen Technology Co., Ltd., Zhejiang University, Fudan University, Shence Network Technology (Beijing) Co., Ltd., Venustech Information Technology Group Co., Ltd., Beijing Zhiyou Network Security Technology Co., Ltd., Shanghai Hehe Information Technology Co., Ltd., Huazhu Hotel Management Co., Ltd., Shanghai Youkun Information Technology Co., Ltd., iFlytek Co., Ltd., Tongdun Technology Co., Ltd., Beikezhaofang (Beijing) Technology Co., Ltd., Shenzhen Haiyun'an Network Security Technology Co., Ltd., Beijing Zhizhang Yike Technology Co., Ltd., Beijing Tengyun Tianxia Technology Co., Ltd., and Taier Zhuoxin Technology (Beijing) Co., Ltd.
The main drafters of this document: Dong Lin, Fang Yi, Liu Xing, Zhou Cheng, Hu Ying, Jin Yan, Qie Shijie, Fan Hua, Tian Qingyun, He Yanzhe, Li Haochuan, Wu Linna, Chang Haolun, Li Yingying, Han Miaomiao, Peng Jie, Deng Ting, Xu Yuqing, An Zeliang, Bai Xiaoyuan, Yi Qiang, Han Yu, Liu Yan, Zhang Xin, Huang Yuepeng, Wang Xin, Guo Bianxiang, Zhao Xiaona, Jia Ziwei, Tian Yuxuan, Zhang Yan, Cao Yue, Lin Xingchen, Wang Yiyu, Yi Li, Yao Yinan, Zhang Na, Huang Xiangmin, Fu Yanyan, Huang Tianning, Tian Shen, Li Yujing, Gao Ya, Yan Han, Lu Fanfu, Yin Zuyong, Wang Qiu, Xie Boyan, Tang Libo, Zang Lei, Zhou Yajin, Zheng Lei, Li Teng, Wei Chao, Zhang Yun, Wang Bin, Shen Lin, Yu Mingming, Shi Jing, Sang Wenfeng, Yao Dong, Tan Cheng, Li Biao, Xie Chaohai, Luo Hongwei, Cai Xinyi, Liu Xiaocen, Zhang Chao, Ge Mengying, Liu Zhen.
Information Security Technology Mobile Internet Application (App)
Software Development Kit (SDK) Security Requirements
1 Scope
This document specifies security requirements for the design, development, release, operation, termination of operation and other stages of mobile Internet application (App) software development kits (SDKs), and for their personal information processing activities.
This document is applicable to SDK development and operation, and can be used as a reference for SDK security testing and evaluation.
2 Normative references
The contents of the following documents constitute essential provisions of this document through normative references in the text. For dated references, only the version corresponding to that date applies to this document; for undated references, the latest version (including all amendments) applies to this document.
GB/T 25069-2022 Information security technical terms
GB/T 34975-2017 Information security technology mobile intelligent terminal application software security technical requirements and testing and evaluation methods
GB/T 35273-2020 Information Security Technology Personal Information Security Specifications
GB/T 37964-2019 Information Security Technology Personal Information De-Identification Guidelines
GB/T 41391-2022 Information Security Technology Basic Requirements for Mobile Internet Applications (Apps) to Collect Personal Information
3 Terms and definitions
The terms and definitions defined in GB/T 25069-2022, GB/T 35273-2020 and GB/T 41391-2022, and the following, apply to this document.
3.1
Software libraries to assist in software development.
Note: A software development kit typically includes a collection of related binaries, APIs, documentation, examples, and tools.
[Source: GB/T 41391-2022, 3.14, with modifications]
3.2
Developer, owner, manager or provider of software development kits.
Note: Referred to as SDK operator; it also includes SDK-related personal information processors.
3.3
Developer, owner, manager or provider of mobile Internet applications.
Note: Referred to as App operator; it also includes App-related personal information processors.
[Source: GB/T 41391-2022, 3.2, with modifications]